You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by John Newbigin <jn...@it.swin.edu.au> on 2004/05/17 03:11:00 UTC

Keeping PHP Database passwords secure

I am hoping that someone on this list might be interested enough to have 
a look at a security question for me.  Some background and code is 
provided on this page:
http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm

I have written an apache 1.3 module which stores a list of passwords and 
can dish them up to php scrips.  I have some questions about the 
security of this scheme, mostly about the ability to forge/spoof the 
main URI (mostly from a php script).

Other comments are also welcome.

John.

-- 
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin