1. Am I storing personally identifiable information (e.g. names, addresses, phone numbers, email addresses, credit card data)?
2. Will this data be stored in a text file or database?
3. Is this text file or database directly connected to the internet?
4. What type of data am I trying to protect?
Answer these questions and you will know if you need to use public/private key encryption technology in your application.
You are currently interested (from your post) in encrypting the data link layer of your website using SSL (Secure Socket Layer).
The SSL or lock icon as you pointed out only encrypts data in a streaming manner (e.g. when I click the submit button my username / password combination gets passed to the SSL protocol and wrapped in a layer of encryption to be decoded on the server).
If you are storing data in a text file / database that would be a "yes" answer to the 4 questions listed above I would recommend using some sort of public / private key encryption. PHP has several encryption functions for your use and links are listed below.
When in doubt consult the manual at php.net.
http://us4.php.net/manual/en/function.base64-encode.php
http://us4.php.net/manual/en/function.base64-decode.php
http://us4.php.net/manual/en/function.crypt.php
http://us4.php.net/manual/en/ref.mcrypt.php
Also a great recommendation... google.com is your friend; you can find all sorts of good tips locating information on various encryption techniques and definitions. A great primer on public / private encryption vs. one-way encryption can be found here...
http://www.webopedia.com/TERM/e/encryption.html
This site gives you basics of encryption and how it works. http://computer.howstuffworks.com/encryption.htm
SSL information can be found here. http://www.webopedia.com/TERM/S/SSL.html
Hope this helps,
Jas
Chris Mach wrote:
Greetings,
I'm working on a project that involves a password protected area of a website. Someone also involved brought up the point that this area should be secure (With the lock icon indicating it is encrypted).
In this particular project the password protected area will be a quote generating system for a company. Users would log in and choose the products they are interested in purchasing and the site would generate a quote depending on what they selected from the list of products.
So my question is..
At what point is encryption necessary? I've always thought encryption was only needed when dealing with stuff like credit card information, am I wrong?
How secure is a password protected page done with just PHP?
Thanks,
Chris
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
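The reply's distinction between public/private key encryption for stored personal data and one-way handling of passwords, as an added example that is not part of the original thread. It assumes PHP 7.2 or later with the bundled sodium extension; the field names and sample values are constructed, and the key pair is generated inline only so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Sample values are constructed.

// One-time setup, normally done OFF the internet-facing web server.
$keypair   = sodium_crypto_box_keypair();            // secret + public key
$publicKey = sodium_crypto_box_publickey($keypair);  // only this is deployed to the web server

// --- Web server side: only the public key is available here ---
function seal_field(string $plaintext, string $publicKey): string
{
    // Public-key encryption; the output is binary, so base64 is used
    // purely as a storage encoding for the text file or database column.
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

function hash_login_password(string $password): string
{
    // One-way: a login password is verified, never decrypted.
    return password_hash($password, PASSWORD_DEFAULT);
}

// What would be written to the database for one user.
$row = [
    'username'      => 'demo_user',
    'password_hash' => hash_login_password('correct horse battery staple'),
    'email_sealed'  => seal_field('demo@example.com', $publicKey),
];

// --- Back-office side: the only place that holds the secret key ---
function open_field(string $stored, string $keypair): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        throw new RuntimeException('Stored value is not valid base64');
    }
    $plain = sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: wrong key or modified data');
    }
    return $plain;
}

// Login check on the web server, then decryption on the back-office side.
var_dump(password_verify('correct horse battery staple', $row['password_hash']));
var_dump(open_field($row['email_sealed'], $keypair) === 'demo@example.com');
```

With this split, a copy of the database taken from the web server contains sealed fields and password hashes, and the key needed to open the sealed fields is not on that host.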