PHP/MySQL encryption/protection of sensitive info

Hello all.

I'm currently working on a new site that encompasses the registration
of members. The registration is taking place through PHP interaction
with MySQL. The site is just going to be for my friends and I, but I
have run into an issue that I have often wondered about before. Any
insight would be appreciated.

The database contains semi-sensitive information. Not CC numbers, but
think more like usernames/passwords to other sites. I've done sites
before in which I would create user accounts/passwords. In that case,
I would just do straight encryption, and then decipher the input
password against the db encrypted one to verify login credentials. No
problem. But, what about the case in which my underlying programs
will need to use the usernames/passwords that are in the database
(exactly as they appear) to POST logins to other sites using that
information?

Ideally, I want to keep the info as secure and protected as possible
in the database. I can't really encrypt() the passwords because I
need to decrypt them again in order to POST them on respective sites
for respective users. I don't think that's how it works when you
encrypt since the idea is not to be able to decrypt with ease.

Do I need to write my own encryption function? The idea of storing
unencrypted semi-sensitive information makes both me and my friends
nervous.

Any thoughts on how to tackle this?

Thanks in advance,
Chris
Jul 16 '05 #1
Hello,

On 07/09/2003 10:04 AM, Chris wrote:
> I'm currently working on a new site that encompasses the registration
> of members. The registration is taking place through PHP interaction
> with MySQL. The site is just going to be for my friends and I, but I
> have run into an issue that I have often wondered about before. Any
> insight would be appreciated.
>
> The database contains semi-sensitive information. Not CC numbers, but
> think more like usernames/passwords to other sites. I've done sites
> before in which I would create user accounts/passwords. In that case,
> I would just do straight encryption, and then decipher the input
> password against the db encrypted one to verify login credentials. No
> problem. But, what about the case in which my underlying programs
> will need to use the usernames/passwords that are in the database
> (exactly as they appear) to POST logins to other sites using that
> information?
>
> Ideally, I want to keep the info as secure and protected as possible
> in the database. I can't really encrypt() the passwords because I
> need to decrypt them again in order to POST them on respective sites
> for respective users. I don't think that's how it works when you
> encrypt since the idea is not to be able to decrypt with ease.
>
> Do I need to write my own encryption function? The idea of storing
> unencrypted semi-sensitive information makes both me and my friends
> nervous.


There isn't much you can do because if the user of your scripts can read
the passwords from somewhere, anybody logging in as that user can access
the data from those scripts. Encryption won't help because you still
have to decrypt and pass it to MySQL. Actually encryption will make it
slower because decryption takes time.

What you may want to do to make it more difficult is to use an encoder.
Encoders do not use encryption, just compile your scripts and encode the
resulting byte codes in binary format. The side effect is that encoded
scripts run faster because they just load pre-compiled scripts.

There are several commercial solutions but you can also use Turck, a
free encoder/loader without real disadvantages compared to commercial
solutions:

http://www.turcksoft.com/en/e_mmc.htm

Here you may even find a Web frontend to compile and encode your scripts:

http://www.phpclasses.org/phpcoder

--

Regards,
Manuel Lemos

Free ready to use OOP components written in PHP
http://www.phpclasses.org/

Jul 16 '05 #2
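
An added example, not part of the original thread or either poster's code: reversible, authenticated encryption of the stored third-party passwords using PHP's bundled sodium extension (PHP 7.2+), with the key held outside MySQL so that a database dump or leaked backup alone does not reveal them. The `CRED_KEY` environment variable, the function names and the member/site values are assumptions made for illustration; anyone who can run code as the web user can still read the key.

```php
<?php
declare(strict_types=1);

// Assumption: CRED_KEY holds 32 random bytes, base64-encoded, set in the
// server environment (not in the database and not under the web root).
function load_key(): string {
    $b64 = getenv('CRED_KEY');
    $key = $b64 === false ? false : base64_decode($b64, true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('CRED_KEY missing or wrong length');
    }
    return $key;
}

// Associated data ties a ciphertext to one row, so a value copied into
// another member's row fails authentication instead of decrypting.
function row_context(int $memberId, string $site): string {
    return $memberId . '|' . $site;
}

// Returns base64(nonce || ciphertext || tag), suitable for a TEXT column.
function seal_password(string $plain, int $memberId, string $site, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        $plain, row_context($memberId, $site), $nonce, $key);
    return base64_encode($nonce . $ct);
}

function open_password(string $stored, int $memberId, string $site, string $key): string {
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        throw new RuntimeException('stored value is malformed');
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), row_context($memberId, $site), substr($raw, 0, $n), $key);
    if ($plain === false) {
        throw new RuntimeException('authentication failed (tampered or wrong row/key)');
    }
    return $plain;
}

// Constructed demo: the key and credential below are sample values only.
putenv('CRED_KEY=' . base64_encode(sodium_crypto_aead_xchacha20poly1305_ietf_keygen()));
$key = load_key();
$stored = seal_password('sample-password', 42, 'forum.example', $key);
echo open_password($stored, 42, 'forum.example', $key), "\n";
try { open_password($stored, 43, 'forum.example', $key); }          // wrong row
catch (RuntimeException $e) { echo 'member 43: ', $e->getMessage(), "\n"; }
```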
