how to not write p***word in code for using to mysql? - Page 2

On May 27, 5:56 pm, "_mario.lat" <n...@libero.it> wrote:
> >> I use PHP and I'd like to not write in hardcoded way p***word
> >> and login to access to mysql.
> >> how to not write p***word in code for access to mysql?
> >> How can I do?
> >> I'd like that who see my code don't see my paswords.
> >> there is a solution?
>
> > Now you can create the following file
>
> Thank you for answering me.
> I'm shure there is a better way with cript:
> DES or SHA, RSA...
> Mario.

Hello Mario!, i think that maybe you can "confuse" a little the
malicious user doing the following things:

1st: as i readed before, encrypt your p***word at (for example)
base64:
$user = "mario";
$p***word = "Y0dGemMzZHZjbVE9"; (the word "p***word" encrypted at
base64 TWICE, and looks like a plain text p***wd)

then, when you want to decrypt it and use it for loggin at some place
of your scripts:
echo base64_decode(base64_decode($p***word));
or, to confuse the attaker more, you can do the same
$p***_decrypted= base64_decode(base64_decode($p***word)); <--- but
also encrypted in hex like this..:

echo
"base64_d& #x65;code(ba&#x 73;e64_dec&#x6F ;de($pass& #x77;ord));";
as doing with echo, when executed, the browser prints the result in
plain text, showing base64_decode(base64_decode($p***word)), but the
question it's to save the plain text result, in a variable containing
your p***word decrypted...
I hope this will help you...i just improved this, 'cause i didn't
have time to explore more this(i have to go to work now

)
Success!!! See u! =)

On May 28, 3:20 pm, Keniobats <freerevolutiont...@gmail.com> wrote:
> On May 27, 5:56 pm, "_mario.lat" <n...@libero.it> wrote:
>
> > >> I use PHP and I'd like to not write in hardcoded way p***word
> > >> and login to access to mysql.
> > >> how to not write p***word in code for access to mysql?
> > >> How can I do?
> > >> I'd like that who see my code don't see my paswords.
> > >> there is a solution?
>
> > > Now you can create the following file
>
> > Thank you for answering me.
> > I'm shure there is a better way with cript:
> > DES or SHA, RSA...
> > Mario.
>
> Hello Mario!, i think that maybe you can "confuse" a little the
> malicious user doing the following things:
>
> 1st: as i readed before, encrypt your p***word at (for example)
> base64:
> $user = "mario";
> $p***word = "Y0dGemMzZHZjbVE9"; (the word "p***word" encrypted at
> base64 TWICE, and looks like a plain text p***wd)
>
> then, when you want to decrypt it and use it for loggin at some place
> of your scripts:
> echo base64_decode(base64_decode($p***word));
> or, to confuse the attaker more, you can do the same
> $p***_decrypted= base64_decode(base64_decode($p***word)); <--- but
> also encrypted in hex like this..:
>
> echo
> "base64_d& #x65;code(ba&#x 73;e64_dec&#x6F ;de($pass& #x77;ord));";
> as doing with echo, when executed, the browser prints the result in
> plain text, showing base64_decode(base64_decode($p***word)), but the
> question it's to save the plain text result, in a variable containing
> your p***word decrypted...
> I hope this will help you...i just improved this, 'cause i didn't
> have time to explore more this(i have to go to work now

)
> Success!!! See u! =)

sorry, i forgot to put the link i used to convert characters:
http://people.w3.org/rishida/scripts...conversion.php

good luck

Keniobats wrote:

> 1st: as i readed before, encrypt your p***word at (for example)
> base64:
> $user = "mario";
> $p***word = "Y0dGemMzZHZjbVE9"; (the word "p***word" encrypted at

If the user can reed that, then they can read this

> echo base64_decode(base64_decode($p***word));

And know how to decode the p***word.

--

//Aho