is it safe?


5 replies to this topic

#1 simon777

    Young Padawan

  • Members
  • Pip
  • 12 posts

Posted 01 October 2007 - 02:05 PM

hi guys
is it safe to save some secret information in a php file like this ??!!

<? /*
my secret
my secret
my secret
*/ ?>

i want to use it for the passwords of my users instead of sql.
what do u think? :P



#2 NGPixel

    Senior Programmer

  • P2L Staff
  • PipPipPipPip
  • 1,410 posts
  • Gender:Male
  • Location:Montreal, Canada
  • Interests:Web Design : Coding : Animation

Posted 01 October 2007 - 02:13 PM

Well, yes it is but it's definitely not a good way to store passwords, quite unusual as well...

SQL is the best method to store passwords. Otherwise use a flat-file that is stored below your public folder so it cannot be accessed.

You shouldn't store passwords in comments imo, as I don't see how you're going to access them?

#3 simon777

    Young Padawan

  • Members
  • Pip
  • 12 posts

Posted 01 October 2007 - 02:24 PM

NGPixel, on Oct 1 2007, 02:13 PM, said:

You shouldn't store passwords in comments imo, as I don't see how you're going to access them?

it's simple
for example
if ($_POST['pass'] == trim(file('user/file.php')[1])) { /* u are logged in */ }

tnx 4 ur answer :P

#4 (old-account)

    Young Padawan

  • Members
  • Pip
  • 2 posts
  • Gender:Male

Posted 01 October 2007 - 04:06 PM

Unless something goes wrong on the server or you get very clumsy with other php/htaccess files then it's virtually 100% secure.

The only way it becomes insecure is if you mess something else up or have a bad web host.

#5 austen

    P2L Jedi

  • Members
  • PipPipPip
  • 910 posts
  • Location:Montana, US
  • Interests:Web design, snowboarding (lots of it), Computer science related.

Posted 01 October 2007 - 06:08 PM

This is NOT a secure way to store passwords. Learn to use SQL. You could in theory use htaccess to hide this file from users but it could still be guessable and accessed in that way. Also, in terms of being efficient, php files aren't supposed to be their own database; if you had a lot of users this wouldn't work all that well.

I guess in the end the choice is yours but I would highly recommend NOT going this route.

-austen :huh:

#6 dEcade

    P2L Staff

  • P2L Staff
  • PipPipPipPip
  • 1,850 posts
  • Gender:Male
  • Location:Saskatoon, Saskatchewan
  • Interests:Guitar, Programming, Storm Chasing, Games (Designing and playing), Hockey, Photography

Posted 01 October 2007 - 07:16 PM

I've never seen it done like this. I think it would be better to use SQL because if someone got a hold of that file you would be in trouble. It is easier to get a file than something in SQL.

dEcade
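
An added example, not written by any poster in this thread: the login check from post #3 redone against a flat file kept outside the public folder, as post #2 suggests, storing `password_hash()` output instead of the passwords themselves. The store path, user name and passwords are constructed for the demo, and the hashing step is an addition the thread does not discuss.

```php
<?php
// Assumption: in a real site $store would point outside the document root,
// e.g. /var/www/private/users.json when the site is served from /var/www/public.
// The demo below uses a temp file so it runs anywhere.

// Load the username => hash map; a missing or corrupt file yields no users.
function load_users(string $path): array
{
    $raw = @file_get_contents($path);
    $users = $raw === false ? null : json_decode($raw, true);
    return is_array($users) ? $users : [];
}

// Store only a salted, slow hash, never the password itself, so a leaked
// file does not directly reveal what users typed.
function set_password(string $path, string $user, string $password): void
{
    $users = load_users($path);
    $users[$user] = password_hash($password, PASSWORD_DEFAULT);
    file_put_contents($path, json_encode($users), LOCK_EX);
    chmod($path, 0600); // readable and writable by the PHP user only
}

// Replaces the `$_POST['pass'] == file(...)[1]` comparison from post #3.
function check_login(string $path, string $user, string $password): bool
{
    static $dummy = null;
    // Unknown users are verified against a dummy hash so the response time
    // does not show which user names exist.
    $dummy ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);

    $users = load_users($path);
    $known = isset($users[$user]) && is_string($users[$user]);
    $ok = password_verify($password, $known ? $users[$user] : $dummy);
    return $known && $ok;
}

// Demo with constructed values.
$store = sys_get_temp_dir() . '/users_demo.json';
set_password($store, 'simon777', 'correct horse battery');

var_dump(check_login($store, 'simon777', 'correct horse battery'));
var_dump(check_login($store, 'simon777', 'wrong guess'));
var_dump(check_login($store, 'nobody', 'correct horse battery'));
var_dump(strpos(file_get_contents($store), 'correct horse') === false);

unlink($store);
```

In a form handler the call would be `check_login($store, $_POST['user'] ?? '', $_POST['pass'] ?? '')`.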




