[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] security

From: Chris Weiss
Subject: Re: [Phpgroupware-developers] security
Date: Thu, 31 Oct 2002 14:52:29 +0000

depends on how well you trust your users and how you allow them to access your
system.  If you use filemanager/phpwebhosting and have the file uploading inside
the web root then it is possible that a user could upload a php script that 
out the passwords.  This is actually true of any open php project that allows
uploads /inside of the web root/.  If course, you could just add an apache
directive to disallow scripts under the "files" dir or have the files dir 
of the web root so a controled php script has to read the uploaded file and 
pass it
through cleanly, no direct access to run the script.

Since the password is not ever transfered over HTTP, plain text isn't that big 
an issue, and any encryption used would have to be reversable, and since the 
is openly available that becomes only slightly better than a plain text 

sigurdne (address@hidden) wrote*:
>How secure is the passwords given in “”
>Is it possible with some kind of encryption?
>My company’s database manager is not particularly happy by the fact that the
>database password is stored in plain text.
>Regards Sigurd Nes
>Phpgroupware-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]