Skip to content
bemosior edited this page Oct 22, 2012 · 37 revisions

PHPasswordPusher Logo

Overview

PHPasswordPusher is a PHP port of the PasswordPusher project, which provides a more secure method for sharing sensitive information (like passwords) with others. It operates on the principal that using a soon-to-be-expiring link to retrieve sensitive information is better than having the sensitive information persist in email, chat, etc...

A user will enter the sensitive information (password, etc.) into the pwlink script, set a view and time limit, and receive a link. That link is communicated to the intended recipient, who then can retrieve the sensitive information until the view or time limits are breached.

Timeline

This application is still in its infancy, but it can be considered functionally complete. I plan to have an official release by October 2012 that should include a number of enhancements, so check back soon!

Environment

PHPasswordPusher has so far been tested with the following environment:

  • Linux (RHEL 5 and CentOS 5, though other distributions should work.)
  • Apache
  • MySQL
  • PHP

Installation

  1. Change configuration options in config.php
  2. Change configuration options in mysqlinstall.php
  3. From the command-line interface, run php mysqlinstall.php
  4. Copy the 'deploy' directory to the php-enabled web directory of your choice (rename as you like, but update deploy/config.php to reflect the change!)
  5. Configure Apache:
#PHPasswordPusher
Alias /youralias/ /your/installation/dir/deploy/
<Directory /your/installation/dir/deploy/>

    #If you use the email functionality, you should definitely enable authentication:
    #AuthName "Your login message."
    #AuthType Basic
    #AuthUserFile /your/.htpasswd
    #require valid-user

    AllowOverride None
    Order allow,deny
    Allow from all      
    DirectoryIndex pw.php  

    <Files ~ "config.php">
        Order allow,deny
        Deny from all
    </Files>
</Directory>
Clone this wiki locally