Re: [Phpgroupware-developers] security

[Chris Weiss]

depends on how well you trust your users and how you allow them to access your
system.  If you use filemanager/phpwebhosting and have the file uploading inside
the web root then it is possible that a user could upload a php script that 
prints
out the passwords.  This is actually true of any open php project that allows
uploads /inside of the web root/.  If course, you could just add an apache
directive to disallow scripts under the "files" dir or have the files dir 
outside
of the web root so a controled php script has to read the uploaded file and 
pass it
through cleanly, no direct access to run the script.

Since the password is not ever transfered over HTTP, plain text isn't that big 
of
an issue, and any encryption used would have to be reversable, and since the 
source
is openly available that becomes only slightly better than a plain text 
password.


sigurdne (address@hidden) wrote*:
>
>How secure is the passwords given in “header.inc.php”
>Is it possible with some kind of encryption?
>My company’s database manager is not particularly happy by the fact that the
>database password is stored in plain text.
>
>Regards Sigurd Nes
>
>
>
>
>_______________________________________________
>Phpgroupware-developers mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>