knowram Posted February 12, 2007 Share Posted February 12, 2007 I have been looking for a good simple tutorial about cookie encription. I have been useing the php setcookie function but I would like to encript the cookeis before I set them. Can anyone point me to a site? Thanks a bunch Link to comment https://forums.phpfreaks.com/topic/38092-cookie-encryption/ Share on other sites More sharing options...
fert Posted February 12, 2007 Share Posted February 12, 2007 read up on XOR encryption Link to comment https://forums.phpfreaks.com/topic/38092-cookie-encryption/#findComment-182363 Share on other sites More sharing options...
ToonMariner Posted February 12, 2007 Share Posted February 12, 2007 Alternatively NEVER send out any sensitive information in a cookie. If you have a site that deals with finacial transactions or contacting others (where legal action could ensue) then require users to login on each visit. Link to comment https://forums.phpfreaks.com/topic/38092-cookie-encryption/#findComment-182367 Share on other sites More sharing options...
knowram Posted February 12, 2007 Author Share Posted February 12, 2007 I don't think just having them logon is good enough the info can still be intersepted and read. That is what I am trying to avoid. Idealy I would like to have every bit of info that is sumited in a form encripted in som way so that it can't be read by somone with a packet sniffer. I don't know if this is even posible without just using SSL. Link to comment https://forums.phpfreaks.com/topic/38092-cookie-encryption/#findComment-182451 Share on other sites More sharing options...
ToonMariner Posted February 13, 2007 Share Posted February 13, 2007 Every piece of info that traverses the web is availabel for interception. SSL uses encryption keys that should not be available to anyone else as the 2 machines talk to each other and develop a temporary key based on their chat. Any other method of encryption is open to decryrption in axactly the same manner as you would have to decrypt the info on your server to make any use of it. You have to consider who important the info is, does it really need encryption, how secure does it have to be, does it matter if anyone gets this.... SSL is pretty secure anything else isn't end of. Link to comment https://forums.phpfreaks.com/topic/38092-cookie-encryption/#findComment-183530 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.