hello ppl, i am wondering abut is there any way i can encrypt my phpmyadmin config file so that no body can get the username/passwd of the databse. the thing i want is the config file must be encrypted and decrypt only at application level ie it must decrypt only on execution (at applicatin level) and once the session will be finished it must encrypt again.
so what you guys think of this ......any suggestions ..?
vishal
Hi Vishal!
hello ppl, i am wondering abut is there any way i can encrypt my phpmyadmin config file so that no body can get the username/passwd of the databse. the thing i want is the config file must be encrypted and decrypt only at application level ie it must decrypt only on execution (at applicatin level) and once the session will be finished it must encrypt again.
This would be security by obscurity, if the de/encoding would take place without an additional password. On top of that, it would slow down the PMA execution an awful lot.
The wiser thing to do is NOT to store passwords in your config file and instead use Cookie or HTTP Authentication via SSL. Then nobody can steal your config.inc.php file and read passwords.
Storing the passwords in the file on servers where untrusted users have access to is never advisable...
Regards, Garvin