I've been asked to quickly set up a password-protected page on a client's server and I don't have access to a database on this occasion. There is only one username/password combination and this will be used by multiple persons. Not ideal. Anyway, I'm just thinking about storing the username and SHA1 encrypted password in a separate PHP file from the login script then doing my usual authentication. Is there a more secure way to store the user/password info or does this seem reasonable?
As long as the server is configured correctly (i.e. it's not possible to view PHP source via web browser and other users on the server don't have access to read your files) this is a viable solution.
My only comment would be that storing the password/username in a separate PHP file doesn't make it any more secure.
Thanks for the reply. The server is configured correctly and file permissions set securely, so I'll just go ahead with that approach. Good point about moving the username/password info into the login file - not sure why I thought it would be more secure stored elsewhere (thought of possibly storing it in a file outside of webroot), just illogical paranoia!
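The approach discussed in this thread, as an added example that is not part of any post: one shared credential kept in PHP source and checked at login without a database. It uses PHP's password_hash()/password_verify() in place of the SHA1 hash mentioned in the question; the username, the sample password and the function name check_login are constructed for illustration.

```php
<?php
// Added example: single shared credential stored in PHP source, no database.
declare(strict_types=1);

// In a deployment the hash is generated once with password_hash() and the
// resulting string is pasted here. It is generated at run time in this
// example only so that the script runs stand-alone (constructed values).
$credentials = [
    'username'      => 'shared-user',
    'password_hash' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
];

/**
 * Check a submitted username/password pair against the stored credential.
 * Both comparisons always run, and both are constant-time, so the response
 * time does not reveal which of the two fields was wrong.
 */
function check_login(array $credentials, string $username, string $password): bool
{
    $userOk = hash_equals($credentials['username'], $username);
    $passOk = password_verify($password, $credentials['password_hash']);
    return $userOk && $passOk;
}

// In the login script the two inputs would come from $_POST; constructed
// values are used here so the example runs from the command line.
$attempts = [
    ['shared-user', 'constructed-sample-password'], // correct pair
    ['shared-user', 'wrong-password'],              // wrong password
    ['someone-else', 'constructed-sample-password'] // wrong username
];

foreach ($attempts as [$user, $pass]) {
    $result = check_login($credentials, $user, $pass) ? 'accepted' : 'rejected';
    echo $user . ': ' . $result . PHP_EOL;
}

// The stored string embeds its own salt and cost, so it can be checked for
// staleness when the PHP default algorithm or cost changes.
if (password_needs_rehash($credentials['password_hash'], PASSWORD_DEFAULT)) {
    echo 'Stored hash should be regenerated with password_hash()' . PHP_EOL;
}
```

After a successful check the login script would typically call session_regenerate_id(true) before marking the session as authenticated.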