Okay - cPanel/Fantistico to install certain content on the server. For some of my installs it automatically encrypted the password as part of the installation. So when I look at the php source at the site it shows as below.
$GB_DB["dbName"] = "joe_joe";
$GB_DB["host"] = "localhost";
$GB_DB["user"] = "joe_bill";
$GB_DB["pass"] = "HBHSGqqJv0h";
Assuming someone were to actually get into the server and find this particular php file etc etc they would still have to decrypt the password.
However, two of the items on my site were set up in the automatic install as:
$GB_DB["dbName"] = "joe_joe";
$GB_DB["host"] = "localhost";
$GB_DB["user"] = "joe_bill";
$GB_DB["pass"] = "joepass";
In other words, the real password shows in the php source.
So I guess my question is how do I set this up so that my php source code has encrypted passwords?
I hope this makes sense because my serach for the answer on the web didn't make sense to me.
And maybe the equally important question is, how easy would it be for someone to get access to those unencrypted passwords?
Thanks
Dave
|
Linear Mode
