Question about security
#5
If you are sure the XML file is out of reach of others, either by making sure the server won’t send information about it (using HTACCESS) or by placing it outside the public_html folder of your server (this method would be more secure than HTACCESS), you have done all you can to make it secret.

Encrypting and decrypting automatically is often unnecessary. If the XML can only be reached by your script it means anyone that wants to steal it needs to get access to the server. If they have access to the server they can simply check the PHP script used for decrypting and decrypt the password.

As a rule of thumb, storing passwords is always a bad idea. If you must store it, encrypt it. If you must be able to decrypt it, make sure this decryption happens somewhere else or needs you to manually input a password. If people have gotten access to your encrypted password, chances are they have gotten access to your decrypting script as well. Never have all decryption and encryption information stored in the same place!
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
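The advice in the post above (decryption that needs a manually entered password, with no key kept next to the ciphertext) can be sketched as follows. This is an added example, not part of the original post or of GetSimple; it assumes PHP 7.2+ with the bundled sodium extension, and the function names and sample values are hypothetical.

```php
<?php
// Added example: the key is derived from a passphrase the operator types in,
// so nothing stored on the server is enough to decrypt the secret.
// Stored layout (constructed for this example): base64(salt || nonce || ciphertext).

function derive_key(string $passphrase, string $salt): string
{
    // Argon2-based password hashing turns the passphrase into a secretbox key.
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $passphrase, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

function seal_secret(string $secret, string $passphrase): string
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($passphrase, $salt);
    $box   = sodium_crypto_secretbox($secret, $nonce, $key); // authenticated encryption
    sodium_memzero($key);                                    // do not keep the key around
    return base64_encode($salt . $nonce . $box);             // safe to put in the XML file
}

function open_secret(string $blob, string $passphrase): ?string
{
    $saltLen  = SODIUM_CRYPTO_PWHASH_SALTBYTES;
    $nonceLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < $saltLen + $nonceLen + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;                                         // malformed or truncated blob
    }
    $salt  = substr($raw, 0, $saltLen);
    $nonce = substr($raw, $saltLen, $nonceLen);
    $box   = substr($raw, $saltLen + $nonceLen);
    $key   = derive_key($passphrase, $salt);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    sodium_memzero($key);
    return $plain === false ? null : $plain;                 // null: wrong passphrase or tampering
}

// Constructed sample values, for illustration only.
$stored = seal_secret('example-stored-password', 'passphrase typed by the operator');
var_dump(open_secret($stored, 'passphrase typed by the operator'));
var_dump(open_secret($stored, 'a different passphrase'));
```

Someone who copies both the stored blob and this script still lacks the passphrase, which is the separation the post asks for; a script that decrypts unattended cannot provide it.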
Messages In This Thread
Question about security - by rogerstreets - 2010-05-18, 20:33:49
Question about security - by JWH_Matthew - 2010-05-19, 01:43:36
Question about security - by rogerstreets - 2010-05-19, 05:48:08
Question about security - by SamWM - 2010-05-19, 07:15:25
Question about security - by Zegnåt - 2010-05-19, 23:15:38


