Re: [PHP] encryption methods?
Butler, Shaun pressed the little lettered thingies in this order... > check out the crypt() function > > http://www.php.net/manual/en/function.crypt.php > > if you don't care about decrypting the password this works fine. > > --Shaun > Umm... You've misunderstood something. The reason why you would WANT to use mcrypt is because you CAN decrypt data that it has encrypted. For encryption: http://www.php.net/manual/en/function.mcrypt-encrypt.php For decryption: http://www.php.net/manual/en/function.mcrypt-decrypt.php I use mcrypt when I need to store data that must be encrypted in the DB, but must also be decrypted on the way out (including passwords and credit card numbers). The only reason you would need to decrypt passwords is if you want to view them or if you want to make it possible to have passwords mailed to people who forget theirs. If you don't need decrypt capabilities, most (all?) SQL database servers have support for one-way encryption. It's not efficient to store user data in "PHP scripts" (or any other script for that matter) as was stated in the initial message. If you have access to a database server, use it. Christopher Ostmo a.k.a. [EMAIL PROTECTED] AppIdeas.com Innovative Application Ideas Meeting cutting edge dynamic web site needs since the dawn of Internet time (1995) For a good time, http://www.AppIdeas.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] encryption methods?
check out the crypt() function http://www.php.net/manual/en/function.crypt.php if you don't care about decrypting the password this works fine. --Shaun On Friday 13 July 2001 15:26, Johnson, Kirk wrote: > One approach to password security is to put the passwords in a file outside > Document Root, then include that file in your scripts when you need a > password. > > Kirk > > > -Original Message- > > From: Adrian Teasdale [mailto:[EMAIL PROTECTED]] > > Sent: Friday, July 13, 2001 1:10 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] encryption methods? > > > > > > Hi all > > > > Encryption is not something that I have had dealings in with > > PHP. I have a > > potential client who wants to have customer account information (8000 > > records) stored on the internet (minus credit card > > information) and I was > > wondering what options I have for encryption. My concern is > > that by storing > > the password in php scripts, this means that all someone has > > to do is gain > > access to this to access the data. I'd be interested in > > other people's > > views and experiences with this. > > > > With thanks > > > > Ade > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: > > [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] encryption methods?
One approach to password security is to put the passwords in a file outside Document Root, then include that file in your scripts when you need a password. Kirk > -Original Message- > From: Adrian Teasdale [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 13, 2001 1:10 PM > To: [EMAIL PROTECTED] > Subject: [PHP] encryption methods? > > > Hi all > > Encryption is not something that I have had dealings in with > PHP. I have a > potential client who wants to have customer account information (8000 > records) stored on the internet (minus credit card > information) and I was > wondering what options I have for encryption. My concern is > that by storing > the password in php scripts, this means that all someone has > to do is gain > access to this to access the data. I'd be interested in > other people's > views and experiences with this. > > With thanks > > Ade > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: > [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]