Simple solution: Generate a pseudo-random string of characters (or let him choose his own passphrase), and use this as a salt to encrypt your data before saving to your database. The passphrase must then be used to retrieve any information from the database.
Of course, all of this is completely useless if you don't use SSL for the entire request/response process. -J. On Oct 7, 3:50 am, titang <[EMAIL PROTECTED]> wrote: > Hi, > I would like to encrypt/decrypt data in my application regarding the > following requirements: > - The data will be decrypted by many users. > - I dont want to keep the secret password for decrypting the data of > each users in my application. > > Does someone have any idea about how can I do this ? And if there is > something already implemented for the cakephp framework? > > There is something pretty good, it is the gnupg project.http://www.gnupg.org/ > I did my first test by command line on Linux, and it seems really > good. > 1. First i have to generate one public key per users (from an uid and > a passphrase). > 2. Then i encrypt the data and specify which users can access the > data (by specifying the uid). > 3. And the authorized users can decrypt the data with their own > passphrase > > An extension gnupg is available for php. > What about a cakephp behavior using this extension? I think it could > be very useful. > > Any suggestions or helps are welcome ! > > Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
