ball420 Posted April 24, 2007 Share Posted April 24, 2007 so when a php doc is show in lets say ie and you view the source none of the php code is shown but is a bot still able to track it i'm just trying to be very through wiht my security thanks everyone Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/ Share on other sites More sharing options...
Mr. R Posted April 24, 2007 Share Posted April 24, 2007 Im not sure if a bot can read it but if you want to be extra safe with your passwords you can encrypt them. Use md5() Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237127 Share on other sites More sharing options...
ball420 Posted April 24, 2007 Author Share Posted April 24, 2007 so i would just put md5() inside my php scripts ? Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237132 Share on other sites More sharing options...
taith Posted April 24, 2007 Share Posted April 24, 2007 $pass=md5($_POST[password]); easy enough to keep it from being seen properly... but completly hackable... Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237134 Share on other sites More sharing options...
ball420 Posted April 24, 2007 Author Share Posted April 24, 2007 so what then is the best way becsuse i need this to be completly ono hackable or as much as possible Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237157 Share on other sites More sharing options...
Tandem Posted April 24, 2007 Share Posted April 24, 2007 md5 is for if somebody manages to hack into where you store your clients/customers/members passwords, that they will not be able to read the passwords or be able to use them for anything worthwhile. The security of md5 is debatable though as some claim they can decrypt it, but i am yet to see proof of this or see it for myself. If you want your page to be truly secure, like maybe if users are submitting sensitive info, such as credit card details, you need to look into SSL. Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237164 Share on other sites More sharing options...
shaunrigby Posted April 24, 2007 Share Posted April 24, 2007 and use sha1() instead of md5() Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237172 Share on other sites More sharing options...
ball420 Posted April 24, 2007 Author Share Posted April 24, 2007 so what's the differance? and how would i put that in the code jsut to make sure i'm on the right page <?php $host=localhost; // Host name $username=tony; // Mysql username $password=billy; // Mysql password $db_name=test; // Database name $tbl_name=clearbook; // Table name ?> Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237195 Share on other sites More sharing options...
MadTechie Posted April 24, 2007 Share Posted April 24, 2007 sha1() is quicker it was considered to be the successor to MD5 Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237196 Share on other sites More sharing options...
MadTechie Posted April 24, 2007 Share Posted April 24, 2007 ball420: everyone here is talking about hashing the users password (aka members of your site), i know you wish to hide the password stored for accessing the database, the fact is.. the way you have it is fine. of course you can improve on it but 97% of php coders do what you are doing with the password, just storing it in a config.php file, just say you used the best encryption in the world.. you will need to decrypt it to use it.. so it would be the same as having the password stored as is. Note: 97% was picked out of thin air Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237198 Share on other sites More sharing options...
ball420 Posted April 24, 2007 Author Share Posted April 24, 2007 ya i'm using the technique you showed me madtechie but i'm i was sitting here thinking we can't see it but what about the bots? Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237201 Share on other sites More sharing options...
ball420 Posted April 24, 2007 Author Share Posted April 24, 2007 ok right on thanskk again another one solved Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237202 Share on other sites More sharing options...
Trium918 Posted April 24, 2007 Share Posted April 24, 2007 What is the 'bot'? Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237207 Share on other sites More sharing options...
MadTechie Posted April 24, 2007 Share Posted April 24, 2007 Bot's will just see html (just like users) Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237210 Share on other sites More sharing options...
shaunrigby Posted April 24, 2007 Share Posted April 24, 2007 My Bad POST REMOVED Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237317 Share on other sites More sharing options...
MadTechie Posted April 24, 2007 Share Posted April 24, 2007 shaunrigby please read the post.. i would love to see you store the database password in the database.. Link to comment https://forums.phpfreaks.com/topic/48491-solved-hiding-password/#findComment-237320 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.