Reputation: 2347
How to encrypt xml files in php
I have an xml file where I store all usernames and passwords. I want to check the xml file for authentication. But I need to keep the xml file secure. How should I do it?
Upvotes: 1
Views: 2834
Answers (3)
Reputation: 12979
You might want to consider storing a salted hash of the password instead of encryptint the entire XML file. This SO link contains a great explanation as well as links that should help you understand the process better.
Upvotes: 1
Reputation: 54445
If you're only using this for the purposes of authentication, you shouldn't store the password itself, but rather a salted hash of the password. You'd then compare the value the user entered after running it through the same process.
There are some good PHP specific tips in the existing How to hash and salt passwords question.
Upvotes: 2
Reputation: 23125
Don't store the plain passwords in the XML if possible.
A better way would be to store a hashed value (eg. using SHA-1) and later, when you're checking authentication has the given password again using the same algorithm and just compare if it's the same hash-value as you've stored in the XML file.
PHP even offers the function sha1() for this purpose.
Upvotes: 1