PHP/MySQL encryption/protection of sensitive info

Hello all.

I'm currently working on a new site that encompasses the registration
of members. The registration is taking place through PHP interaction
with MySQL. The site is just going to be for my friends and me, but I
have run into an issue that I have often wondered about before. Any
insight would be appreciated.

The database contains semi-sensitive information. Not CC numbers, but
think more like usernames/passwords to other sites. I've done sites
before in which I would create user accounts/passwords. In that case,
I would just do straight encryption, and then decipher the input
password against the db encrypted one to verify login credentials. No
problem. But, what about the case in which my underlying programs
will need to use the usernames/passwords that are in the database
(exactly as they appear) to POST logins to other sites using that
information?

Ideally, I want to keep the info as secure and protected as possible
in the database. I can't really encrypt() the passwords because I
need to decrypt them again in order to POST them on respective sites
for respective users. I don't think that's how it works when you
encrypt since the idea is not to be able to decrypt with ease.

Do I need to write my own encryption function? The idea of storing
unencrypted semi-sensitive information makes both me and my friends
nervous.

Any thoughts on how to tackle this?

Thanks in advance,
Chris
Jul 16 '05 #1
Hello,

On 07/09/2003 10:04 AM, Chris wrote:
> I'm currently working on a new site that encompasses the registration
> of members. The registration is taking place through PHP interaction
> with MySQL. The site is just going to be for my friends and me, but I
> have run into an issue that I have often wondered about before. Any
> insight would be appreciated.
>
> The database contains semi-sensitive information. Not CC numbers, but
> think more like usernames/passwords to other sites. I've done sites
> before in which I would create user accounts/passwords. In that case,
> I would just do straight encryption, and then decipher the input
> password against the db encrypted one to verify login credentials. No
> problem. But, what about the case in which my underlying programs
> will need to use the usernames/passwords that are in the database
> (exactly as they appear) to POST logins to other sites using that
> information?
>
> Ideally, I want to keep the info as secure and protected as possible
> in the database. I can't really encrypt() the passwords because I
> need to decrypt them again in order to POST them on respective sites
> for respective users. I don't think that's how it works when you
> encrypt since the idea is not to be able to decrypt with ease.
>
> Do I need to write my own encryption function? The idea of storing
> unencrypted semi-sensitive information makes both me and my friends
> nervous.


There isn't much you can do because if the user of your scripts can read
the passwords from somewhere, anybody logging in as that user can access
the data from those scripts. Encryption won't help because you still
have to decrypt and pass it to MySQL. Actually, encryption will make it
slower because decryption takes time.

What you may want to do to make it more difficult is to use an encoder.
Encoders do not use encryption, just compile your scripts and encode the
resulting byte codes in binary format. The side effect is that encoded
scripts run faster because they just load pre-compiled scripts.

There are several commercial solutions, but you can also use Turck, a
free encoder/loader without real disadvantages compared to commercial
solutions:

http://www.turcksoft.com/en/e_mmc.htm

Here you may even find a Web frontend to compile and encode your scripts:

http://www.phpclasses.org/phpcoder

--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

Jul 16 '05 #2
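
For the case the question describes (third-party passwords that must be recovered in plaintext to POST them), here is an added example, not code from either post: reversible authenticated encryption with PHP's sodium extension, so a copy of the database alone does not reveal the stored passwords. The function names, the row layout and the idea of keeping the key in a file outside MySQL are assumptions made for illustration; as the reply points out, anyone who can run the scripts as the PHP user can still decrypt.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.2+ (sodium extension).
declare(strict_types=1);

// Assumption: the 32-byte key lives outside MySQL (e.g. a file readable only by
// the PHP user). It is generated inline here so the example runs on its own.
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();

// Encrypt one third-party password for storage in a BLOB/VARBINARY column.
// $memberId and $site are bound in as associated data, so a ciphertext copied
// into another member's or site's row will not decrypt.
function seal_credential(string $plain, int $memberId, string $site, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ad    = $memberId . '|' . $site;
    $ct    = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, $ad, $nonce, $key);
    return $nonce . $ct; // the nonce is not secret; store it with the ciphertext
}

// Recover the plaintext just before it is POSTed to the other site.
function open_credential(string $stored, int $memberId, string $site, string $key): string
{
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if (strlen($stored) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        throw new RuntimeException('stored value too short');
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($stored, $n), $memberId . '|' . $site, substr($stored, 0, $n), $key
    );
    if ($plain === false) {
        throw new RuntimeException('wrong key, wrong row, or modified ciphertext');
    }
    return $plain;
}

// Constructed sample data standing in for one table row.
$row = ['member_id' => 7, 'site' => 'forum.example', 'secret' => null];
$row['secret'] = seal_credential('s3cr3t-for-demo', 7, 'forum.example', $key);

echo open_credential($row['secret'], 7, 'forum.example', $key), "\n";

try { // same bytes moved to member 8's row: authentication fails
    open_credential($row['secret'], 8, 'forum.example', $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```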
