httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Newbigin ...@it.swin.edu.au>
Subject Keeping PHP Database passwords secure
Date Mon, 17 May 2004 01:11:00 GMT
I am hoping that someone on this list might be interested enough to have 
a look at a security question for me.  Some background and code is 
provided on this page:
http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm

I have written an apache 1.3 module which stores a list of passwords and 
can dish them up to php scrips.  I have some questions about the 
security of this scheme, mostly about the ability to forge/spoof the 
main URI (mostly from a php script).

Other comments are also welcome.

John.

-- 
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin


Mime
View raw message