07-20-2007, 06:54 PM   #1
ROSEBLOOD
Baseband Member
Join Date: Jun 2004
Posts: 46
[PHP] Hard coding in an Admin Account

Is it safer to hard code an Admin account into the page, or should I just add it into the MySQL DB? I'm just looking at what will be more secure. ~ROSEBLOOD
__________________
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
--Stephen Hawking (1942 - )

07-22-2007, 05:21 PM   #2
David Lindon
Site Team
Join Date: Dec 2002
Posts: 15,233
Re: [PHP] Hard coding in an Admin Account

Could you be a little more specific? Are you talking about embedding a password into a PHP page or the DB?
__________________
LNXPS.NET - The XPS Library (http://www.LNXPS.NET)

07-22-2007, 06:09 PM   #3
rot13
BSOD
Join Date: Jul 2007
Posts: 113
Re: [PHP] Hard coding in an Admin Account

I think you would be better off adding it into the DB. If somebody reverse-engineers your page somehow then your admin details are freely available to them, plus you can change it in the DB without having to change the source code in your page. It's better to use the DB for both security and convenience issues.

07-22-2007, 07:30 PM   #4
j03
~~~~~~~~
Join Date: Jan 2005
Location: Wales
Posts: 5,556
Re: [PHP] Hard coding in an Admin Account

Quote:
Originally Posted by rot13
I think you would be better off adding it into the DB. If somebody reverse-engineers your page somehow then your admin details are freely available to them, plus you can change it in the DB without having to change the source code in your page. It's better to use the DB for both security and convenience issues.

Maybe, but if someone "reverse engineered" your page, which was logging into a MySQL DB, then they would have the username and password to log in to the database, which contained the Admin Password or w/e.. (but I do agree with you, a DB would be better)

07-24-2007, 03:38 AM   #5
ROSEBLOOD
Baseband Member
Join Date: Jun 2004
Posts: 46
Re: [PHP] Hard coding in an Admin Account

I have the Admin account in the PHP code. I was thinking about it and figured that embedding it into the code would be more secure since I couldn't think of an easy way to extract the name and password.

I'll add it to the DB. Thanks guys

~ROSEBLOOD

07-26-2007, 04:56 PM   #6
joxley1990
Golden Master
Join Date: Oct 2005
Posts: 7,846
Re: [PHP] Hard coding in an Admin Account

How could they not extract it, all you need to do is view the page source and all the information would be there..?

07-26-2007, 05:13 PM   #7
j03
~~~~~~~~
Join Date: Jan 2005
Location: Wales
Posts: 5,556
Re: [PHP] Hard coding in an Admin Account

Not if it's PHP. PHP is server-side, so you can't view the source code. All you would get would be HTML.

08-07-2007, 03:30 PM   #8
root
Site Team
Join Date: Mar 2004
Posts: 8,004
Re: [PHP] Hard coding in an Admin Account

Either way is just as secure.

If you put it in the PHP source code, it's not displayed to the user (unless there is an error and it displays source code).

If you have the admin account in a DB you still have to have the DB password in the PHP, so the password is still just as exposed to any 'hacker' who would have got the password by reading your source code anyway, because by the time they've seen the source, they've seen all the code and know the DB passwords and how to get the passwords from the DB.

Storing the password in the DB is a lot more convenient.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."

08-20-2007, 05:36 PM   #9
DJ Stephen
Fully Optimized
Join Date: Jun 2005
Posts: 3,275
Re: [PHP] Hard coding in an Admin Account

I agree with root, however there are the points below:

If you hard code it into the script, this is only ideal for 1 - 5 users and won't be updated hardly ever and it's slightly easier, however the database method would be from 5+ members and is a lot easier to update, however will take a little more code to do things like:
PHP Code:
// Escape the submitted name before using it in a MySQL query
$name = mysql_real_escape_string($_POST['name']);
Hope this helps..
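
Added example, not part of any post in this thread: whichever place the admin account is kept, storing only a `password_hash()` digest means a disclosure of the source or the database exposes a hash rather than the password, and a PDO prepared statement does the lookup without a manual escaping step. It assumes PHP 7.1+ with the pdo_sqlite extension; the account, table and column names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Account, table and column names
// are hypothetical; in-memory SQLite stands in for the MySQL database.

// Constructed sample credential. In a real deployment the hash is generated
// once, offline, and only the resulting string is stored.
$sampleHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

// Option 1: admin account kept in PHP source or config, as a hash only.
$hardcoded = ['admin' => $sampleHash];

// Option 2: admin account kept in a database table, again as a hash only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO admins (name, pw_hash) VALUES (?, ?)')
   ->execute(['admin', $sampleHash]);

function hashFromSource(array $accounts, string $name): ?string
{
    return $accounts[$name] ?? null;
}

function hashFromDb(PDO $db, string $name): ?string
{
    // Bound parameter: the submitted name is never concatenated into the
    // SQL text, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : $hash;
}

function checkLogin(?string $storedHash, string $password): bool
{
    // password_verify() re-derives the hash and compares in constant time.
    return $storedHash !== null && password_verify($password, $storedHash);
}

// Constructed login attempts, checked against both storage locations.
foreach ([['admin', 'constructed-sample-password'], ['admin', 'wrong'],
          ["o'brien", 'anything']] as [$name, $pw]) {
    printf("%-14s source=%s db=%s\n", $name,
        var_export(checkLogin(hashFromSource($hardcoded, $name), $pw), true),
        var_export(checkLogin(hashFromDb($db, $name), $pw), true));
}
```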

08-20-2007, 05:40 PM   #10
AllThingsSacred
In Runtime
Join Date: Aug 2007
Posts: 302
Re: [PHP] Hard coding in an Admin Account

Using the database makes it more maintainable, but root is right in the two ways being equally secure.
__________________
Patrick Moore
Born London, Live London, Die London
As a Londoner, I exercise my God given Right to do as I please

All times are GMT -5.