Oracle Password Encryption

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
tommy1987
Forum Commoner
Posts: 92
Joined: Tue Feb 21, 2006 8:35 pm

Oracle Password Encryption

Post by tommy1987 »

In a PHP file containing the login credentials for the database, this should not be hard coded, how should I go about storing this information since I want it to be safe enough that the source is open and viewable by anyone.

Thanks.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: Oracle Password Encryption

Post by alex.barylski »

Use a hash funciton like sha256.

Either Google around here for feyd's PHP implementation or use the following if available:

Code: Select all

hash('sha256', 'password');
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Oracle Password Encryption

Post by Mordred »

Use a hash funciton like sha256.
No, he can't. He means the login credentials for the database backend, not the web app logins.
Read this carefully: http://shiflett.org/articles/shared-hosting (essential snippet near the bottom), and really be careful how you implement it.
Post Reply