SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Hybrid View

  1. #1
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    User/Password storage query

    Hi guys,

    I've been asked to quickly set up a password protected page on a client's server and I don't have access to a database on this occasion. There is only one username/password combination and this will be used by multiple persons. Not ideal. Anyway, I'm just thinking about storing the username and SHA1 encrypted password in a separate php file from the login script then doing my usual authentication. Is there a more secure way to store the user/password info or does this seem reasonable?

  2. #2
    Web Professional
    Join Date
    Oct 2008
    Location
    London
    Posts
    862
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As long as the server is configured correctly (ie. it's not possible to view PHP source via web browser and other users on the server don't have access to read your files) this is a viable solution.

    My only comment would be storing password/username in a separate PHP file doesn't make it any more secure .

  3. #3
    SitePoint Zealot
    Join Date
    Aug 2007
    Posts
    154
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the reply. The server is configured correctly and file permissions set securely, so i'll just go ahead with that approach. Good point about moving the username/password info into the login file - not sure why i thought it would be more secure stored elsewhere (thought of possibly storing it in a file outside of webroot), just illogical paranoia!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •