in reply to Re^6: Can the username be represented differently ?
in thread Can the username be represented differently ?
height="$image_data->{review}->{height}"
width="$image_data->{review}->{width}"
Don't be such a weenie.
I didn't understand the code, but no doubt it's because I'm a weenie. :D
On *nix if you are not allowed to see it it won't (shouldn't) be readable by you. As noted *anyone* with a shell can read /etc/passwd.
Okay, something new I've learnt today. Just thought if it wasn't readable by me, and if I tried, I might be considered a naughty boy. :D
This gets you all the usernames on the system. In days long past the password hash was also stored in /etc/passwd. crypt is a one way hashing function, i.e. you can test if
'$1$nGQrri05$TxwHgtGUu9o95ietow9r43' eq crypt( $password, $salt )
but you can't 'decrypt' the password directly. crack and other (in)famous pieces of software will let you brute force crypted passwords by testing every possible combination or more usually a dictionary against crypt strings.
Okay, understand more now, thanks. I know I can't do anything much about someone trying to crack things or brute force their way in, but my overall objective with this is to be responsible with secure data, and I consider login usernames to websites, as secure data.
Anyway if you want to add a header that can't easily be turned into a valid username but that can be decrypted with ease by the appropriate people I would suggest a symmetrical cipher like Crypt::Blowfish. All you need to do is keep the encoding key secret. Still it looks like there are 30,000+ accounts that can all read /etc/passwd so the point seems moot.
Well, I have no idea why the UID# for my account is so high, when there are only approx. 200+ domains on the server ? It wouldn't really matter how many accounts there were if the UID is encrypted though, and the encoding is kept secret, although in theory, the more the (encrypted) UID is made public, the greater the chance of cracking ??
Thanks for all your help,
Peter
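The header idea discussed in this post, as an added example that is not part of the original thread: a username is encrypted with Blowfish and the resulting value is authenticated with an HMAC, so a modified header is rejected before any decryption happens. Crypt::Blowfish by itself only handles single 8-byte blocks, so the sketch uses the Crypt::CBC wrapper from CPAN; the key values, the `ciphertext.mac` layout, the HMAC step and the function names are assumptions of this example, not something proposed in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;                          # CPAN; Crypt::Blowfish must also be installed
use Digest::SHA qw(hmac_sha256_hex);     # core module

# Constructed keys for this example. Real keys belong in a file that only
# the web application's own account can read.
my $ENC_KEY = 'constructed-encryption-passphrase';
my $MAC_KEY = 'constructed-mac-key';

sub cipher {
    return Crypt::CBC->new( -key => $ENC_KEY, -cipher => 'Blowfish' );
}

# username -> opaque header value of the form "<hex ciphertext>.<hex mac>"
sub seal_username {
    my ($username) = @_;
    my $ct = cipher()->encrypt_hex($username);   # random salt: output differs per call
    return $ct . '.' . hmac_sha256_hex( $ct, $MAC_KEY );
}

# header value -> username, or undef when the value is malformed or altered
sub open_username {
    my ($token) = @_;
    my ( $ct, $mac ) = $token =~ /\A([0-9a-f]+)\.([0-9a-f]{64})\z/ or return;
    my $expect = hmac_sha256_hex( $ct, $MAC_KEY );
    my $diff   = 0;                              # compare every byte, no early exit
    $diff |= ord( substr $mac, $_, 1 ) ^ ord( substr $expect, $_, 1 ) for 0 .. 63;
    return if $diff;
    return cipher()->decrypt_hex($ct);
}

# Demonstration with a constructed username
my $t1 = seal_username('peter');
my $t2 = seal_username('peter');
print "header value : $t1\n";
print "same input, different value: ", ( $t1 ne $t2 ? 'yes' : 'no' ), "\n";
print "round trip   : ", open_username($t1), "\n";

# Flip the first hex digit to simulate a modified header
my $bad = $t1;
substr( $bad, 0, 1 ) = substr( $bad, 0, 1 ) eq '0' ? '1' : '0';
print "altered value: ", ( defined open_username($bad) ? 'accepted' : 'rejected' ), "\n";
```

Because each call uses a fresh random salt, two headers for the same account do not match each other, so published values cannot be compared or looked up in a precomputed table; the secrecy of the two keys is what protects the username.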
Replies are listed 'Best First'.
Re^8: Can the username be represented differently ?
by tachyon (Chancellor) on Jun 29, 2004 at 09:57 UTC |