?
Solved

php in windows

Posted on 2011-03-13
11
Medium Priority
?
297 Views
Last Modified: 2012-05-11
I have a php code run on windows I have only one machine i dont want my staff to know password  how can i conceal config.php which keep my sql user name and password from mystaff
0
Comment
Question by:teera
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +4
11 Comments
 
LVL 12

Expert Comment

by:Mohamed Abowarda
ID: 35124917
You will have to store the username and password in more secure place, I recommend you to store them in database and use MD5 hash.
0
 

Author Comment

by:teera
ID: 35125094
Hi Medo3337
 If i encript it only that file it work or not and how can i encrypt it
thank
0
 
LVL 12

Accepted Solution

by:
Mohamed Abowarda earned 400 total points
ID: 35125134
To encrypt the password with MD5 hash use php md5() function

example:
$password = "This variable will store the original password";
$password = md5($password);

Now $password contains the encrypted password.

I don't recommend you to save your login information into PHP file.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:dsmile
ID: 35125165
I think what teera needs is prevent others from viewing his "MySQL Account" (which is written in config.php to connect to DB)
If I'm right, then teera needs some kind of sourcecode encoding, so that other can't view it.

Some recommendation: Ioncube, Zend Guard (all non-free unfortunately)
0
 

Author Comment

by:teera
ID: 35125448
Hi experts

Are there any software is free I need only encript 2 or 3 file
0
 
LVL 27

Assisted Solution

by:Lukasz Chmielewski
Lukasz Chmielewski earned 400 total points
ID: 35125772
It is not that simple. Is your skilled with computers / programming ?
Either you encrypt the file as dsmile says or you could buy another machine (or for that matter put a virtual one) and install a web server there with proper permissions. The machine you have now would have just an access to view the page / application.
0
 
LVL 2

Expert Comment

by:ajaikkumar
ID: 35126658
Encrypt and store in config file... the simple one
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 800 total points
ID: 35127998
IF they have access to the PC in question then, ultimately, there is nothing you can do.

In securing systems the first rule is to restrict physical access to the machine because anyone in the room with it can do what they like. Even if you password protected the machine they could reboot it using a "Live CD" or an OS on a memory key and then read whatever files they wished. Chnaging the OS to Mac or Linux would make no difference either. If you stripped the machine down and removed all CDs, floppies, USB connectors, etc then you still would not be secure because it only takes a few seconds to pop the lid and remove the hard drive.

I know this seems extreme, but it makes the point - as long as other have physical access to the machine then data stored on it cannot be secure. Your only hope would be to add encryption software and encrypt the entire hard disk and then never give the encryption key out for any reason and never let anyone else use the PC either.

Personally, I would rent a low cost VM on an external server and put everything on it instead and logon with SSH.
0
 
LVL 14

Assisted Solution

by:Scott Madeira
Scott Madeira earned 400 total points
ID: 35128462
If your concern is with the other people knowing your MySQL username and password for the database then I suggest you create an additional user in the database with what ever rights they need for the data and give that username and password to your employees.  this is what would be in the config.php file.

You would have the root/admin username and password available to you if you ever needed to access the database outside of your application.

When your employees no longer need access to the database you can delete the new username/password.
0
 
LVL 12

Expert Comment

by:Mohamed Abowarda
ID: 35128678
Put config.php in a folder and set the access permissions for that folder, so your staff wouldn't be able to access it.
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 800 total points
ID: 35129105
For all of you who think that changing a password on a machine that is not physically secured, here is how to reset ANY MySQL password including the root password

"If you set a root password previously, but have forgotten it, you can set a new password. The following sections provide instructions for Windows and Unix systems, as well as generic instructions that apply to any system. "

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html#resetting-permissions-windows

Notice that this is listed in the MySQL on line manuals - I'm not leaking secrets here.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question