EarthQuake Posted March 6, 2007
I've been working on my website recently, adding a level-based user account system. Users can register an account that must be activated by an administrator. All users, including the administrators, have a "level" which determines what type of access they have to the site. My problem is that the file I'm storing the passwords in cannot be protected via CHMOD because my script that reads the file just hangs whenever I do. I've tried all sorts of combinations, but the only ones that work still let me view the file through my browser. Now of course the passwords have been encrypted, but I'm guessing that this just isn't enough. The entire security of the site depends upon protecting this file. Any ideas on what I can do? If you need any more information on the system so far, just ask. I'd appreciate any help I could get.
AndrewB Posted March 6, 2007
Maybe use a database instead of flat files?
Remilia Scarlet Posted March 6, 2007
What about a salt-based crypto system? I've used that before when writing a program here at work, and it seemed pretty easy to use, yet still decently safe. But then again, I'm not a security expert ;)
Bloodshedder Posted March 6, 2007
One-way hashing + salting tutorial. If you put the file with the passwords in it in a separate directory and make the directory itself non-executable, then nothing in the directory can be seen by someone with a browser. (I think.)
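Added example, not part of any post in this thread: the salted one-way hashing suggested in the replies, applied to a flat-file account store with levels and administrator activation like the one EarthQuake describes. The record layout, the function names and the choice of Python are assumptions, since the thread does not say what language or file format the site uses.

```python
import hashlib
import hmac
import os

# Assumed record layout (not from the thread): user:level:active:salt_hex:hash_hex
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune for your server


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(user: str, level: int, password: str, active: bool = False) -> str:
    """Build one line for the password file, with a fresh random salt per user."""
    if ":" in user or "\n" in user:
        raise ValueError("user name must not contain ':' or newlines")
    salt = os.urandom(16)
    digest = hash_password(password, salt)
    return f"{user}:{level}:{int(active)}:{salt.hex()}:{digest.hex()}"


def check_login(lines, user: str, password: str):
    """Return the user's level on success, None on any failure."""
    for line in lines:
        parts = line.rstrip("\n").split(":")
        if len(parts) != 5 or parts[0] != user:
            continue
        _, level, active, salt_hex, hash_hex = parts
        candidate = hash_password(password, bytes.fromhex(salt_hex))
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
        # Accounts an administrator has not activated yet cannot log in.
        return int(level) if ok and active == "1" else None
    return None


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    store = [
        make_record("admin", 9, "correct horse", active=True),
        make_record("newbie", 1, "correct horse"),  # awaiting activation
    ]
    print(check_login(store, "admin", "correct horse"))   # 9
    print(check_login(store, "admin", "wrong"))           # None
    print(check_login(store, "newbie", "correct horse"))  # None
```

Because each record carries its own random salt, two users with the same password get different stored hashes, so a copy of the file viewed through a browser does not reveal which accounts share a password.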