Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MYSQL and PHP

from [Wall, Kevin] Network Security [Permanent Link]
Subject: RE: MYSQL and PHP
Date: Thu, 18 May 2006 00:35:29 -0500 
For Windows, I'd say that using DPAPI is the way to do, using the
IIS_USERxxx
or similar user's credentials to do the encryption.

Michael Howard...are you out there? Doesn't Microsoft recommend using
DPAPI
(which if I'm not mistaken is not part of the .NET 2.0 Framework)?

---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall@qwest.com    Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit

-----Original Message-----
From: bugtraq@cgisecurity.net [mailto:bugtraq@cgisecurity.net] 
Sent: Tuesday, May 16, 2006 10:30 AM
To: Gerald Quakenbush
Cc: John Madden; webappsec@securityfocus.com
Subject: Re: MYSQL and PHP


Windows provides a way in ASP.NET to store the user/pass encrypted in
the registry and simply referencing it in your web.config allows it to
automagically work. I'm curious what solutions for php exist to allow
encrypted storage of sql login credentials so we can avoid the whole
storage in cleartext on the filesystem?

- zeno
http://www.cgisecurity.com/ Web Security news, and More
http://www.cgisecurity.com/index.rss [RSS Feed]

------------------------------------------------------------------------
-
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application
security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and

the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
------------------------------------------------------------------------
--


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and 
the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Comparison report on web app security scanners, Bogdan Calin
Next by Date:  Re: Comparison report on web app security scanners, Bogdan Calin
Previous by Thread:  Re: MYSQL and PHP, wilson . amajohn
Next by Thread:  Re: MYSQL and PHP, Σπυρίδων Νίνος
Indexes:  [Date] [Thread] [Top] [All Lists]