In my (PHP-5) application I have to write some records to a table in my
database, which I don't want even my clients using the system to be able
to read.
This is not a problem in National Security; I simply want the contents
of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
I intend, periodically, to download these records to my local machine,
where I plan to decrypt and analyse them.
I am running my application on a commercial Web server where the wcrypt
(?) library has not been implemented.
What do I do?
I think I need an asymmetric encryption algorithm so that I can decrypt
the records locally without providing any hints on keys to the Web
Server, and I would ideally like look for something implemented as a PHP
Class on the Web Server so that I do not impinge on the limitations of
his PHP installation.
Help, please.
9  2430 
Alan M Dunsmuir wrote:
This is not a problem in National Security; I simply want the contents
of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
They'll have the DB. They'll have your code. They'll have the encription
keys.
Eventually, you'll realize that hiding the data from your clients is pretty
useless (unless you want to lock your client down, which is a Bad Thingâ„¢,
and still useless).
--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-
El que a muchos teme, de muchos es temido.- Saavedra Fajardo.
On Nov 12, 1:29*pm, Iván Sánchez Ortega <ivansanchez-...@rroba-
escomposlinux.-.punto.-.orgwrote:
Alan M Dunsmuir wrote:
This is not a problem in National Security; I simply want the contents
of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
They'll have the DB. They'll have your code. They'll have the encription
keys.
Eventually, you'll realize that hiding the data from your clients is pretty
useless (unless you want to lock your client down, which is a Bad Thing™,
and still useless).
--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-
El que a muchos teme, de muchos es temido.- Saavedra Fajardo.
You could just make the data seem very boring and innocuous. A column
called "top_secret " will attract prying eyes.
Thomas
>This is not a problem in National Security; I simply want the contents
>of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
They'll have the DB. They'll have your code. They'll have the encription
keys.
If you use public-key encryption such as RSA, they'll have the DB,
they'll have your code, and they'll have your public key. That's
not enough to decrypt the data once it's encrypted and the unencrypted
copy is erased. The private key is needed, and presumably that never
appears on the web/PHP server or the DB server.
This does not prevent them from modifying your code (or perhaps OS
or PHP code used by your code) to log an unencrypted copy of your
data someplace where they can read it. Or they could replace your
public key with theirs (but then you couldn't read your data).
On Nov 12, 8:00*pm, Alan M Dunsmuir <a...@moonrake. demon.co.ukwrot e:
In my (PHP-5) application I have to write some records to a table in my
database, which I don't want even my clients using the system to be able
to read.
This is not a problem in National Security; I simply want the contents
of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
I intend, periodically, to download these records to my local machine,
where I plan to decrypt and analyse them.
I am running my application on a commercial Web server where the wcrypt
(?) library has not been implemented.
What do I do?
I think I need an asymmetric encryption algorithm so that I can decrypt
the records locally without providing any hints on keys to the Web
Server, and I would ideally like look for something implemented as a PHP
Class on the Web Server so that I do not impinge on the limitations of
his PHP installation.
Help, please.
Thats why AES_ENCRYPT() and AES_DECRYPT() mysql functions stands for..
This is a database question for more info, go and ask Comp.Mysql.*
and www.mysql.com
You can not use PHP for an encryption-decryption algo. as php source
files stand ready to read in the server..
There is a encryption - decryption function in a post so search this
group carefully..
"703designs " <th**********@g mail.comschreef in bericht
news:90******** *************** ***********@s9g 2000prg.googleg roups.com...
You could just make the data seem very boring and innocuous. A column
called "top_secret " will attract prying eyes.
So you have one column 'top_secret', containing interesting looking garbage,
and one innocent name containing the real stuff :-)
Seriously: Would I encounter someone on my team who thinks he needs to hide
something from me, I would want to know 'what and why'. I would probably not
need to ask 'how long', as that would be my discretion and it would not be
long lasting.
On Wed, 12 Nov 2008 14:32:23 -0800 (PST), Betikci Boris
<pa*****@gmail. comwrote:
>
Thats why AES_ENCRYPT() and AES_DECRYPT() mysql functions stands for..
This is a database question for more info, go and ask Comp.Mysql.*
and www.mysql.com
asymetric he said
Gordon Burditt wrote:
If you use public-key encryption such as RSA, they'll have the DB,
they'll have your code, and they'll have your public key.
I'm assuming that the application will write *and* read data from the DB.
Thus (in this scenario), they'll have the DB, they'll have the code,
they'll have the public key, and they'll have the private key.
I agree with most of the replies in the thread so far. And I do recommend
anyone that wants to do some gratuitous encription to feel safer (that's
you, Alan) to read some literature by Kevin Mitnick and Bruce Schneier. I
mean it.
Cheers,
--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-
Proudly running Debian Linux with 2.6.26-1-amd64 kernel, KDE 3.5.9, and PHP
5.2.6-5 generating this signature.
Uptime: 23:49:28 up 83 days, 12:45, 4 users, load average: 0.36, 0.52,
0.61
On 12 Nov, 22:32, Betikci Boris <pard...@gmail. comwrote:
On Nov 12, 8:00 pm, Alan M Dunsmuir <a...@moonrake. demon.co.ukwrot e:
In my (PHP-5) application I have to write some records to a table in my
database, which I don't want even my clients using the system to be able
to read.
This is not a problem in National Security; I simply want the contents
of records in this file to remain unreadable, even by the client's IT
supervisor who can look at the contents of the (MySQL) database using
phpMyAdmin.
I intend, periodically, to download these records to my local machine,
where I plan to decrypt and analyse them.
I am running my application on a commercial Web server where the wcrypt
(?) library has not been implemented.
What do I do?
I think I need an asymmetric encryption algorithm so that I can decrypt
the records locally without providing any hints on keys to the Web
Server, and I would ideally like look for something implemented as a PHP
Class on the Web Server so that I do not impinge on the limitations of
his PHP installation.
Help, please.
Thats why AES_ENCRYPT() and AES_DECRYPT() mysql functions stands for..
This is a database question for more info, go and ask Comp.Mysql.*
andwww.mysql.co m
You can not use PHP for an encryption-decryption algo. as php source
files stand ready to read in the server..
There is a encryption - decryption function in a post so search this
group carefully..
Wrong on both counts.
The MySQL implemented algorithms are both symmetric therefore you
can't use them without exposing the decryption key.
There's nothing to stop you using assymetric (pub key) encryption -
IIRC there are a couple of pure PHP implementations of RSA
C.
C. ( http://symcbean.blogspot.com/) wrote:
>
There's nothing to stop you using assymetric (pub key) encryption -
IIRC there are a couple of pure PHP implementations of RSA
C.
How I love this NewsGroup!
I tend to get very good technical information from it (Thanks, Colin
McKinnon - a great Scots name, by the way! - for the definitive answer
this time), but as usual I have had to wade through a morass of
sanctimonious and plain mis-directing twaddle to get there.
From "I can't see why you would want to keep anything hidden from your
clients" (I'd keep my lack of ability at lateral thinking a bit less
public, if I were you, lad), through "there are a couple of MySQL
functions to do what you want" (where had I even mentioned MySQL, and
shouldn't you learn the difference between symmetric and asymmetric key
systems before you pontificate?) to "I don't believe PHP can handle
asymmetric keys - they're too computing intensive".
As it happens, Kaled al-Shamaa has published a perfectly acceptable
implementation of RSA at www.phpclasses.org/browse/package/4121.html.
Just because he chooses to use sample sentences for encoding which are
written in Arabic doesn't mean definitvely that he is an al-Qaeda agent,
guys. He's not going to take over your machines. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Jerry |
last post by:
Hi,
I am writing a Java Chatroom application that will implement
encryption of messages using the RSA algorithm using the BigInteger
class. It uses socket connections to exchange messages.
I have managed to generated the Private and Public keys and
exchanged public keys and modulus between the clients and server.
Please could someone advise me how encrypt a short message, pass the
encrypted message across a socket connection and then...
|
by: Dan V. |
last post by:
Situation:
I have to connect with my Windows 2000 server using VS.NET 2003 and C# and
connect to a remote Linux server at another company's office and query their
XML file. Their file may be updated every hour or so. How can I do this
easily? I would like to use secure communication even encryption if
possible. I would query and insert locally only the newest records found in
that XML file to an xml or MS access db.
|
by: Bonj |
last post by:
I downloaded the gzlib library from zlib in order to do compression.
(http://www.gzip.org/zlib)
The prototype of the compression function seems to be
int compress (Bytef *dest, uLongf *destLen, const Bytef *source, uLong
sourceLen);
It is meant to be called by C, but I would rather use it from C#.
So I wrote the following C# program to test it, but it failed to work. The
call to compress doesn't return or throw an exception, it simply...
|
by: Bart |
last post by:
Dear all,
I would like to encrypt a large amount of data by using public/private keys,
but I read on MSDN:
"Symmetric encryption is performed on streams and is therefore useful to
encrypt large amounts of data. Asymmetric encryption is performed on a small
number of bytes and is therefore only useful for small amounts of data."
There is not possibility to do it? I have tried to encrypt a 300kB file by
RSA Algorithm, but I received...
|
by: Charlie |
last post by:
Hi:
My host will not allow me use a trusted connection or make registry setting,
so I'm stuck trying find a way to hide connection string which will be
stored in web.config file. If I encrypt string externally, can it be used
in it's encrypted form to connect to SQL Server? If I decrypt back to
string for use in connection string during runtime, I have to supply a key.
If I do that, hacker could use key to break encryption. How do I...
| | |
by: Bernard Dhooghe |
last post by:
The information center writes:
"Encryption Algorithm: The internal encryption algorithm used is RC2
block cipher with padding, the 128-bit secret key is derived from the
password using a MD2 message digest.
"
and also explains how the length of the encrypted column can be
derived.
|
by: The Big Fat Sloppy Pig! |
last post by:
x-no-archive: yes
Hi All:
I'm sort of "new" to doing this so I was wondering if anyone can offer some
additional insight/suggestions.
I've created a web-service that will be receiving some customer-critical
information. I've written both the client application and the web-service.
We need to make sure the data is "non-translatable" as much as possible.
|
by: shuaibali |
last post by:
Hello,
I just wanted to inquire if all the cipher suite Cipher Algorithm types (specifically AES group) are usable in .Net framework or not. According to my understanding, AES ciphers are still not recognized by the .Net environment. I just wanted to ask if AES 64, 128, 256, etc. are available in the .Net framework to work with or not.
I have pasted some relevant posts from the other forums below:
Post 1:
CryptoAPI AES 128bit for SSL stream...
|
by: almobde3 |
last post by:
i really need your help on encryption using one and two ways encryption.
I have a log in form where the user should put their user name and password , To pass security a user must provide their UserId. That UserId must then match the UserId on record in the file XXX.sys that is located in the \User\ directory of the user’s USB drive. That file includes the user’s UserId and Passcode separated by a comma and written using the three digit...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
