DB password security |
You are going to hide the code all together? What if you end up dead and no one knows the encryption key anymore.
Sure you should always put it outside the root folder so it's not accessible by a public file. But it should be available for future development. In case you are going to update it to a more modern encryption. As you stated; They own the code. Use password_hash and password_verify for password encryption instead. It's a randomized salt so it's stored together with the password. So no one ones it. http://php.net/manual/en/function.password-hash.php http://php.net/manual/en/function.password-verify.php |
Messages In This Thread |
DB password security - by arber.smajli - 08-23-2018, 12:56 AM
RE: DB password security - by skunkbad - 08-23-2018, 01:03 AM
RE: DB password security - by arber.smajli - 08-23-2018, 01:15 AM
RE: DB password security - by jreklund - 08-23-2018, 02:52 AM
RE: DB password security - by arber.smajli - 08-23-2018, 03:45 AM
RE: DB password security - by jreklund - 08-23-2018, 03:51 AM
RE: DB password security - by Pehesis - 08-27-2018, 12:55 AM
|