Reply to Re: [PHP] Help with encryption

Your name:

Reply:


Posted by Jochem Maas on 01/14/05 04:08

Brian Dunning wrote:
> Howdy all -
>
> I have RTFM and STFW and I still can't get encryption to work. What I

good man! (for trying that is) bummer its not working yet...

> finally ended up with from the PHP documentation is long, unwieldy,
> confusing, and doesn't work. I give up. I threw my big mess away and

you could have lived with the 'long, unwieldy, confusing' part no doubt!

> would like to start from scratch.

does that mean you tried using the mcrypt extension? I guess it must do.

>
> Could anyone point me to a web page or other documentation that shows a
> SIMPLE example of encryption? I need two-way encryption & decryption,

this tutorial (2 parts) at webmonkey does quite a good job
of taking you thru it step by step:
http://webmonkey.wired.com/webmonkey/programming/php/tutorials/tutorial1.html

also there has just been a thread on this list which might help you (in
case you hadn't seen/read it)
subject: Data Encryption
started by: shaunthornburgh@hotmail.com
started on: 12-Jan-2005

AFAIKT though proper encryption and SIMPLE just don't go hand in hand.
on the other hand encryption and ''brainfreeze' were made for each other
:-) if you ask me.

> not a one-way hash. I'll be using this to obfuscate get parameters.

do you just want to obfuscate or is it important that content is
actually secure?

I can imagine that the issue is compounded in your case by the fact that
the GET params are pushed over the wire (which may garbble the encrypted
strings - can anyone confirm/deny that hypothesis?) in which case use of
url_encode()/url_decode() may need to be used to protect the integrity
of the strings.

---

If the parameters are taken from a fixed list of values - e.g.
columnnames for instance then maybe one-way encryption will work for
you. for instance say you have a sortby GET param, you could take the
columnnames of your table and hash them with md5sum() or sha1() and
stick them into the relevant urls - then if/when a url comes back to the
server the hash in the GET param could be checked against the hashes of
the columnnames until you find a match - if you find a match you know
which column was requested.
The example is contrived but hopefully you understand what I mean and
you can determine whether this is a possibility for you.

---

Lastly you may have to ask yourself if it's necessary/feasable to do GET
param encryption (in bang for buck kind of way). Unfortunately I can
imagine that such a decision may have been made for you by some
non-tehnical manager (it wouldn't be the first time!).... in which case
arm yourself with a good argument and go batter him with it ;-)

>
> Any pointers appreciated. Thanks all,
>
> - Brian
>

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация