DarkHavn Posted September 20, 2006 Share Posted September 20, 2006 Was just wondering your regards and feedback on this one.Things like ssl on a webpage, 128bit encryption on websites that handle sensitive data like credit card numbers and such.Do you guys prefer, or recomend anything?Should i rely on php for this, or something else?Just thought i would get some feedback on this before i go ahead with anything.Cheers Link to comment https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/ Share on other sites More sharing options...
markbett Posted September 20, 2006 Share Posted September 20, 2006 ssl isnt a feature of php its something that runs on the webserver Link to comment https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/#findComment-95691 Share on other sites More sharing options...
DarkHavn Posted September 20, 2006 Author Share Posted September 20, 2006 Lol, sorry should of been more descriptive of what i was meaning, Yeah ssl is apart of the server that is running apache or depending on your flavour.Guess what i was truley meaning is, is there any means or methods you guys recomend of encryption via php if that is possible at all? Link to comment https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/#findComment-95693 Share on other sites More sharing options...
AdRock Posted September 20, 2006 Share Posted September 20, 2006 I encrypt passwords using md5 Link to comment https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/#findComment-95734 Share on other sites More sharing options...
tomfmason Posted September 21, 2006 Share Posted September 21, 2006 I am suprised that this has not be posted before. Normaly when it comes to a question in reguards to security, of any kind, there are a thousand posts.There are a couple ways of encrypting the sensitive data. here is an example function that would encrypt the data before passing it to a database.[code]<?php$cc_number = "0000000000000000";function encryptData($data) { $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = "your_key"; $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv); return $crypttext;}$encypted_cc = encryptData($cc_number);// now you can pass the encrypted data to the db// and here is a function for decrypting the data.fuction decryptData($data) { $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = "your_key"; $decrypted_data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv); return $decrypted_data;}//here is a simple sql call to get the encrypted cc number$sql = mysql_query("SELECT * FROM `your_table` WHERE `something` = '$something'");while ($rw = mysql_fetch_assoc($sql)) { $cc_number = decyptData($rw['cc_number']);}?>[/code]Now as far as the key goes. I randomly generate a key and then on a couple of random days each month I decrypt all of the encrypted data in the db and then encypt it again with a new random key. I then store the key in another function. This may be over kill but what the hell, I am responsible for that data. So I will try my best to secure it to the best of my ability.I hope that this helps. If anyone has any suggestions on a better way to encrypt the data or a fault in my script, please feel free to reply.Thanks,Tom Link to comment https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/#findComment-95762 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.