You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by John Newbigin <jn...@it.swin.edu.au> on 2004/05/17 03:11:00 UTC
Keeping PHP Database passwords secure
I am hoping that someone on this list might be interested enough to have
a look at a security question for me. Some background and code is
provided on this page:
http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm
I have written an apache 1.3 module which stores a list of passwords and
can dish them up to php scrips. I have some questions about the
security of this scheme, mostly about the ability to forge/spoof the
main URI (mostly from a php script).
Other comments are also welcome.
John.
--
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin