Welcome Guest, Not a member yet? Register   Sign In
DB password security
#5

(08-23-2018, 02:52 AM)jreklund Wrote: You are going to hide the code all together? What if you end up dead and no one knows the encryption key anymore.
Sure you should always put it outside the root folder so it's not accessible by a public file. But it should be available for future development. In case you are going to update it to a more modern encryption. As you stated; They own the code.

Use password_hash and password_verify for password encryption instead. It's a randomized salt so it's stored together with the password. So no one ones it.
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php

Not hide the codeĀ 

2 kind of people are going to work on the project

- The IT administration (add page, add form, change css and so on)
- The developpers who can modify all the containt of the projects

I would like to externalise the config file out of the root, so the IT guys cannot see it (only the developpers)
Reply


Messages In This Thread
DB password security - by arber.smajli - 08-23-2018, 12:56 AM
RE: DB password security - by skunkbad - 08-23-2018, 01:03 AM
RE: DB password security - by arber.smajli - 08-23-2018, 01:15 AM
RE: DB password security - by jreklund - 08-23-2018, 02:52 AM
RE: DB password security - by arber.smajli - 08-23-2018, 03:45 AM
RE: DB password security - by jreklund - 08-23-2018, 03:51 AM
RE: DB password security - by Pehesis - 08-27-2018, 12:55 AM



Theme © iAndrew 2016 - Forum software by © MyBB