SECURITY: password&username(email) in php file.

[thosecars82]

Hello there

Question

I have just tested successfully the PEAR Mail package from http://email.about.com/od/emailprogrammingtips/qt/et073006.htm to send an email.

Nevertheless, before uploading any code like this to a public server I would like to know the risks of putting there my php file. To let you understand my concerns, you have to consider that this php file would contain a password and a username from an email which would be used to send emails. I am wondering whether puting a php file like this in a web server is secure or not. What should be done in this kind of cases? On the other hand there might be some way, which I am not aware of, to establish some protection for the password and username from this php file.

 

The code is the following one with some modifications for filling of the fields:

$from, $to, .... , $username, $password as you can see here:

 

<?php

require_once "Mail.php";

 

$from = "Sandra Sender <sender@example.com>";

$to = "Ramona Recipient <recipient@example.com>";

$subject = "Hi!";

$body = "Hi,\n\nHow are you?";

 

$host = "ssl://mail.example.com";

$port = "465";

$username = "smtp_username";

$password = "smtp_password";

 

$headers = array ('From' => $from,

  'To' => $to,

  'Subject' => $subject);

$smtp = Mail::factory('smtp',

  array ('host' => $host,

    'port' => $port,

    'auth' => true,

    'username' => $username,

    'password' => $password));

 

$mail = $smtp->send($to, $headers, $body);

 

if (PEAR::isError($mail)) {

  echo("<p>" . $mail->getMessage() . "</p>");

} else {

  echo("<p>Message successfully sent!</p>");

}

?>

 

I would appreciate that you told me what you know about issue. Can I just upload the php filewith the password and username written on it? is it crazy? or on the contrary, is there any measure I must take to protect the password and username which would be written in this php file?

Thanks in advance