Posted by Andy Jeffries on 05/10/06 00:06

On Tue, 09 May 2006 13:50:27 -0700, marcelo6@gmail.com wrote:
> What is more secure ?
>
> I think encrypt data directly with php is better because the information
> is sent directly encrypted to database server, but i not sure.

I would hope for a given algorithm they are equally secure...

Either way you have to have the key in the script, so I'd say whichever
takes your fancy.

It then depends on if your database and PHP are on the same machine and if
not, how secure is the network between the two.

Cheers,


Andy

> Encrypt data using php functions before send it to database (mysql), or
> Encrypt directly on database, using encryption functions of database
> server ?
>
> Ex:
>
> $key = "this is a secret key";
> $input = "Let us meet at 9 o'clock at the secret place."; ---
> $encrypted_data = mcrypt_ecb (MCRYPT_AES, $key, $input, MCRYPT_ENCRYPT);
> or
> $query = "insert into myTable (text)
> values(AES_ENCRYPT('".$input."','".$key."'))";

>
> Thanks

--
Andy Jeffries MBCS CITP ZCE | gPHPEdit Lead Developer
http://www.gphpedit.org | PHP editor for Gnome 2
http://www.andyjeffries.co.uk | Personal site and photos

[Back to original message]