I have a simple txt file UserInfo.txt on a linux web server that simply has the username on one line and the password on the next line. I know this is not secure at all. The text file looks like below:
JohnDoe
JDPassword
I then have a PHP file that reads the UserInfo.txt file and uses that to authenticate against another web app. I would like to encrypt this information so that it passes securely.
Here is the PHP function that reads the file and captures the username and password:
function getCredentials($path = '../UserInfo.txt') {
$credentials = null;
try {
if ($fh = fopen($path, 'r')) {
$credentials = (object)array(
"userName" => trim(fgets($fh)),
"password" => trim(fgets($fh)),
"keepAlive" => false
);
}
} catch (Exception $ignored) {
}
return $credentials;
}
What my concern is, if I go to https://www.example.com/UserInfo.txt, I see the contents of that file. I want that file to be encrypted so it can’t be read by anything other than my PHP script. If I use Notepadd++ to encrypt the file, then upload it to the server, that would encrypt it, but will my PHP file still be able to read it as it should?