Howdy all -
I have RTFM and STFW and I still can't get encryption to work. What I
good man! (for trying that is) bummer its not working yet...
finally ended up with from the PHP documentation is long, unwieldy, confusing, and doesn't work. I give up. I threw my big mess away and
you could have lived with the 'long, unwieldy, confusing' part no doubt!
would like to start from scratch.
does that mean you tried using the mcrypt extension? I guess it must do.
Could anyone point me to a web page or other documentation that shows a SIMPLE example of encryption? I need two-way encryption & decryption,
this tutorial (2 parts) at webmonkey does quite a good job of taking you thru it step by step: http://webmonkey.wired.com/webmonkey/programming/php/tutorials/tutorial1.html
also there has just been a thread on this list which might help you (in case you hadn't seen/read it)
subject: Data Encryption
started by: [EMAIL PROTECTED]
started on: 12-Jan-2005
AFAIKT though proper encryption and SIMPLE just don't go hand in hand.
on the other hand encryption and ''brainfreeze' were made for each other :-) if you ask me.
not a one-way hash. I'll be using this to obfuscate get parameters.
do you just want to obfuscate or is it important that content is actually secure?
I can imagine that the issue is compounded in your case by the fact that the GET params are pushed over the wire (which may garbble the encrypted strings - can anyone confirm/deny that hypothesis?) in which case use of url_encode()/url_decode() may need to be used to protect the integrity of the strings.
---
If the parameters are taken from a fixed list of values - e.g. columnnames for instance then maybe one-way encryption will work for you. for instance say you have a sortby GET param, you could take the columnnames of your table and hash them with md5sum() or sha1() and stick them into the relevant urls - then if/when a url comes back to the server the hash in the GET param could be checked against the hashes of the columnnames until you find a match - if you find a match you know which column was requested.
The example is contrived but hopefully you understand what I mean and you can determine whether this is a possibility for you.
---
Lastly you may have to ask yourself if it's necessary/feasable to do GET param encryption (in bang for buck kind of way). Unfortunately I can imagine that such a decision may have been made for you by some non-tehnical manager (it wouldn't be the first time!).... in which case arm yourself with a good argument and go batter him with it ;-)
Any pointers appreciated. Thanks all,
- Brian
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
