0

I'm struggling with protecting my login info. Let's say my FTP gets hacked, the hackers get access to my login info and may do harm as they like.

Is there a possible way of encrypting it or secure it in any way which will be unhackable, at least for the amateurs? I know there are ways to encrypt a php code and install a loader, but that's not really an option as I don't have access to install plugins in my server and only have access to FTP (and encryptors without loader are very easy to hack).

Omer Aviv
  • 286
  • 3
  • 20
  • [Don't limit passwords](http://jayblanchard.net/security_fail_passwords.html) and [use the proper methods to hash and verify passwords with PHP](http://jayblanchard.net/proper_password_hashing_with_PHP.html). – Jay Blanchard Aug 03 '15 at 18:32
  • Database username and password? – Sayed Aug 03 '15 at 18:32
  • 1
    @JayBlanchard this is not really what I meant for. I meant the login information used to log into the database with the `mysqli` library. – Omer Aviv Aug 03 '15 at 18:33
  • You can safely store that info into a PHP file. Someone would have to get access to your server and be able to read your PHP files to find that information. – Jay Blanchard Aug 03 '15 at 18:34
  • @JayBlanchard I specified that option as why I want to secure the info.. – Omer Aviv Aug 03 '15 at 18:38
  • Theres the usual methods of saving login info to another php script and as long as a malicious user cannot access your script your password should be safe. **But you asked** *Let's say my FTP gets hacked, the hackers get access to my login info and may do harm as they like*. So your question deals with a level more abstract. If your FTP gets "hacked" and they have direct access to the data on your server then there is pretty much nothing you can do. If you're using sftp, that will introduce another layer of security but even that login info (FTP access info) can be hacked. [contd] – Shreyas Chavan Aug 03 '15 at 23:26
  • You can try changing the password as soon as you find out that its been hacked. But still the malicious user will have access within the session he has already created with the server. So this is also a no go. Also, someone mentioned hashing, Hashing cannot work in your case as it is inherently *one-way* so you cant decipher a password to work with your `mysqli` library from the hash. – Shreyas Chavan Aug 03 '15 at 23:29

0 Answers0