[PHP] Is it possible to see the source code in any way?


Post by vitinho444 »

Hello guys, today I woke up with extreme security issues on my mind.

I have tons of passwords hidden on my PC, but with all the NSA crap and stuff, I want to be sure no one gets them, or if they do, it will not be easy to decrypt them.

So I thought of building an application in C# or VB.NET, something easy and simple that showed all the passwords upon the input of a password or something. But I don't trust software, since cracks are a reality and very easy to obtain.

So I thought, I'm very comfortable with PHP, MySQL, jQuery, JavaScript right now.. What if I built a single PHP file holding all the encrypted data, and a function (baked if possible) to decrypt them, then put it on my server (www.oryzhon.com) or even on a more secure (local) one with a Raspberry Pi hosting it :D

So it would be something like:

<?php
$steam_USERNAME[0] = "username";
$steam_PASSWORD[0] = "blablablapassword";
?>

With this hosted on a server, is it in any way possible to do something that could bring those variables' values to someone other than me? (By looking at the source code, i.e.)

Thanks, and if you have some more security tips to share I would like to know :D
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
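
The idea from the post above of keeping only encrypted data in the PHP file, as an added example that is not part of the original thread: the file holds just ciphertext, and the key is derived from a master passphrase supplied at use time, so anyone who reads the source (a copied backup, or a server that stops executing PHP and serves the file as text) gets nothing usable without the passphrase. The function names `seal_vault`, `open_vault` and `derive_key` are hypothetical, the sample values are constructed, and PHP's bundled sodium extension is assumed.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper names, constructed sample data.
// Requires the sodium extension (bundled with PHP since 7.2).

/** Derive a secretbox key from the passphrase with the memory-hard pwhash KDF. */
function derive_key(string $passphrase, string $salt): string
{
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $passphrase, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}

/** Encrypt credentials; the result (salt . nonce . ciphertext) is safe to store in a file. */
function seal_vault(array $entries, string $passphrase): string
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($passphrase, $salt);
    $box   = sodium_crypto_secretbox(json_encode($entries, JSON_THROW_ON_ERROR), $nonce, $key);
    sodium_memzero($key);
    return base64_encode($salt . $nonce . $box);
}

/** Returns the credentials, or null if the passphrase is wrong or the blob was altered. */
function open_vault(string $blob, string $passphrase): ?array
{
    $saltLen  = SODIUM_CRYPTO_PWHASH_SALTBYTES;
    $nonceLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < $saltLen + $nonceLen + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $key   = derive_key($passphrase, substr($raw, 0, $saltLen));
    $plain = sodium_crypto_secretbox_open(
        substr($raw, $saltLen + $nonceLen), substr($raw, $saltLen, $nonceLen), $key);
    sodium_memzero($key);
    return $plain === false ? null : json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed sample data. The passphrase is typed in at use time and is
// never written into the source file or stored next to the blob.
$blob = seal_vault(['steam' => ['username', 'blablablapassword']], 'constructed master passphrase');
var_dump(strpos($blob, 'blablablapassword') !== false);   // is the password readable in the stored blob?
var_dump(open_vault($blob, 'wrong guess'));               // wrong passphrase
var_dump(open_vault($blob, 'constructed master passphrase')['steam']);
```

The stored blob is only as strong as the master passphrase, since anyone holding a copy of the file can try passphrases offline.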

Post by OoZI »

I don't think you have to worry about the NSA if you're in Portugal... but unless someone was really determined to hack into Apache, no they couldn't see your PHP source code.
-OoZI


Post by vitinho444 »

OoZI wrote: I don't think you have to worry about the NSA if you're in Portugal... but unless someone was really determined to hack into Apache, no they couldn't see your PHP source code.
Hehe nice then.

I've created it already and it's on my server now, don't tell anyone but the only output you will see if you ever find the file on the server is a 404 ERROR xD It's exactly the same as my server displays on legit errors so I think I'm safe for now :D

Post by Jackolantern »

Why do you want to make your passwords visible on the Internet? That alone is the largest security risk you are facing at the current time. One small mistake in the application could circumvent the security. There could also be previously unknown exploits in the platform itself. Obviously, this is asking a lot of someone just to get your passwords, but you never know.

What is the best, most secure way to store passwords? On a piece of paper. In today's digital age, few people are going through your dresser drawers anymore for passwords or info. They are going right to your computer.

If you really wanted an application to hold them, be sure to use a language that compiles directly to machine language, such as C/C++, and others. C#, VB, Java and others can easily be decompiled, even with the best obfuscators.

As far as general account security tips, the best tip I can give is to start with your email tightening the security. Your email is the kingpin to all of your security. If someone gets access to your email, they can just begin Forgot Passwording all your passwords. For the more complicated ones that require specific info to reset, such as Amazon, they can just dig around through the lower-security ones until another account gives up the info to allow them to reset that one, too. It is a house of cards, and your email is the table underneath it. If it goes, it all goes. Your email password should be long, no dictionary names, have numbers and any allowable symbols in it, and should not be stored anywhere Internet accessible.
The indelible lord of tl;dr

Post by Verahta »

That's what I do, I have an entire spiral notebook that is nothing but all my passwords. I never store passwords on my computer.
"In order to understand recursion, one must first understand recursion".

Post by vitinho444 »

Jackolantern wrote:Why do you want to make your passwords visible on the Internet? That alone is the largest security risk you are facing at the current time. One small mistake in the application could circumvent the security. There could also be previously unknown exploits in the platform itself. Obviously, this is asking a lot of someone just to get your passwords, but you never know.

What is the best, most secure way to store passwords? On a piece of paper. In today's digital age, few people are going through your dresser drawers anymore for passwords or info. They are going right to your computer.

If you really wanted an application to hold them, be sure to use a language that compiles directly to machine language, such as C/C++, and others. C#, VB, Java and others can easily be decompiled, even with the best obfuscators.

As far as general account security tips, the best tip I can give is to start with your email tightening the security. Your email is the kingpin to all of your security. If someone gets access to your email, they can just begin Forgot Passwording all your passwords. For the more complicated ones that require specific info to reset, such as Amazon, they can just dig around through the lower-security ones until another account gives up the info to allow them to reset that one, too. It is a house of cards, and your email is the table underneath it. If it goes, it all goes. Your email password should be long, no dictionary names, have numbers and any allowable symbols in it, and should not be stored anywhere Internet accessible.
Well, the thought of having them on the internet is to access them anywhere..
The problem with the paper is simple:
Jackolantern wrote: Your email password should be long, no dictionary names, have numbers and any allowable symbols in it,
It's easier to copy-paste them on the PC instead of typing every single symbol..

I never thought that C++ was undecompileable.. I will keep that in mind.

My email password is good, I generate them on a website and then make mods to it.

Post by Jackolantern »

Do NOT store your passwords on the Internet. The risk far outweighs the convenience.

If you need to carry passwords around with you, write them on paper and keep them in your wallet. But make sure that anyone stealing your wallet could not make sense of them. For example, choose a character you will never put in your passwords, such as an underscore. Substitute a character that appears in every one of your passwords with the underscore, and just know when you type it in you have to substitute that one. Anyone even getting the piece of paper would have no idea what the problem is if they tried to use them.

Post by vitinho444 »

Jackolantern wrote:Do NOT store your passwords on the Internet. The risk far outweighs the convenience.

If you need to carry passwords around with you, write them on paper and keep them in your wallet. But make sure that anyone stealing your wallet could not make sense of them. For example, choose a character you will never put in your passwords, such as an underscore. Substitute a character that appears in every one of your passwords with the underscore, and just know when you type it in you have to substitute that one. Anyone even getting the piece of paper would have no idea what the problem is if they tried to use them.
Hum, it kinda makes sense... still that problem of having to type every single symbol... :( damn you internet why you have to be so unsafe, I HATE YOU! No no I love you, shshsh :P

Already removed them from my server.
What about a PENDRIVE? :/ (still trying to find better ways than paper)

Post by Jackolantern »

Anything that ever connects to a computer can be compromised, but in reality, flash drives and things like that are quite safe. I mean, you aren't the president of the USA or anything, and I doubt you have a ninja squad out trying to break into your system no matter what the costs 24 hours a day. At least, I wouldn't think you are the president. OK, you might be, but if you aren't, I would say the flash drive is fine :cool:

Post by vitinho444 »

Jackolantern wrote:Anything that ever connects to a computer can be compromised, but in reality, flash drives and things like that are quite safe. I mean, you aren't the president of the USA or anything, and I doubt you have a ninja squad out trying to break into your system no matter what the costs 24 hours a day. At least, I wouldn't think you are the president. OK, you might be, but if you aren't, I would say the flash drive is fine :cool:
I'm the president of my room :D

Yeah, I will probably get a flash drive that I will always carry. And the flash drive wins.

Btw the paper choice is really good, just doesn't fit my needs.