[Phpmyadmin-devel] encryption of config file

Garvin Hicking phpmyadmin at supergarv.de
Sat Aug 13 09:43:16 CEST 2005

Hi Vishal!

> hello ppl, i am wondering abut is there any way i can encrypt my phpmyadmin
> config file so that no body can get the username/passwd of the databse. the
> thing i want is the config file must be encrypted and decrypt only at
> application level ie it must decrypt only on execution (at applicatin level) and
> once the session will be finished it must encrypt again.

This would be security by obscurity, if the de/encoding would take place without
an additional password. On top of that, it would slow down the PMA execution an
awful lot.

The wiser thing to do is NOT to store passwords in your config file and instead
use Cookie or HTTP Authentication via SSL. Then nobody can steal your
config.inc.php file and read passwords.

Storing the passwords in the file on servers where untrusted users have access
to is never advisable...


++ Garvin Hicking | Web-Entwickler [PHP]    | www.garv.in | ICQ 21392242
++ Developer of   | www.phpMyAdmin.net      | www.s9y.org

++ Make me happy  | http://wishes.garv.in

More information about the Developers mailing list