Page 1 of 1
Password in clear text?
Posted: Tue Feb 26, 2008 1:17 am
by aelster
Setting up SMTP authentication requires both a "username" and "password" for a SMTP server. While the "username" doesn't present a problem do people put the "password" into their PHP source file? What ways, if any, are there around this as this seems like a security problem?
Re: Password in clear text?
Posted: Tue Feb 26, 2008 6:57 am
by Chris Corbyn
It's just the same issue as putting a MySQL username and password in a PHP file. If someone has access to your server to read such PHP source code you have bigger issues. Putting it outside the web root will help

Re: Password in clear text?
Posted: Tue Feb 26, 2008 9:46 am
by aelster
Thanks. It probably also wise to have a unique username/password just for email access so no personal accounts get compromised