[SOLVED] hiding password

[ball420]

so when a php doc is show in lets say ie and you view the source none of the php code is shown but is a bot still able to track it i'm just trying to be very through wiht my security thanks everyone

[Mr. R]

Im not sure if a bot can read it but if you want to be extra safe with your passwords you can encrypt them.

 

Use md5()

[ball420]

so i would just put md5() inside my php scripts ?

[taith]

$pass=md5($_POST[password]);

 

easy enough to keep it from being seen properly... but completly hackable...

[ball420]

so what then is the best way becsuse i need this to be completly ono hackable or as much as possible

[Tandem]

md5 is for if somebody manages to hack into where you store your clients/customers/members passwords, that they will not be able to read the passwords or be able to use them for anything worthwhile. The security of md5 is debatable though as some claim they can decrypt it, but i am yet to see proof of this or see it for myself.

 

If you want your page to be truly secure, like maybe if users are submitting sensitive info, such as credit card details, you need to look into SSL.

[shaunrigby]

and use sha1() instead of md5()

[ball420]

so what's the differance? and how would i put that in the code jsut to make sure i'm on the right page

 

<?php

 

 

$host=localhost; // Host name

$username=tony; // Mysql username

$password=billy; // Mysql password

$db_name=test; // Database name

$tbl_name=clearbook; // Table name

 

 

 

?>

 

 

[MadTechie]

sha1() is quicker it was considered to be the successor to MD5

[MadTechie]

ball420:

everyone here is talking about hashing the users password (aka members of your site), i know you wish to hide the password stored for accessing the database, the fact is.. the way you have it is fine. of course you can improve on it but 97% of php coders do what you are doing with the password, just storing it in a config.php file,

 

just say you used the best encryption in the world.. you will need to decrypt it to use it.. so it would be the same as having the password stored as is.

 

 

 

Note: 97% was picked out of thin air

[ball420]

ya i'm using the technique you showed me madtechie but i'm i was sitting here thinking we can't see it but what about the bots?

[ball420]

ok right on thanskk again

 

another one solved

[Trium918]

What is the 'bot'?

[MadTechie]

Bot's will just see html (just like users)

[shaunrigby]

My Bad

 

POST REMOVED

[MadTechie]

shaunrigby please read the post..

 

i would love to see you store the database password in the database..