#1
    Can someone help me out with an encryption program for encrypting the cookie values?
    This, I thought, would ensure safety.
  2. #2
    just a short note to say i'd be interested too if anyone has anything ;p

    thx

    nik
  4. #3
    Robert_J_Sherman
    You might try passing the values through crypt() or mcrypt()...

    just a thought, not sure how well it would work.

    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
  6. #4
    To use crypt, you will need to have it enabled when compiling PHP, and to do so it requires special libraries. If you are not in control of the PHP compilation, then very likely this feature is missing. (In my experience it often is.) More often, the "md5" command is available. There is a great tutorial on PHPbuilder.com on secure login using this command and cookies by Tim Perdue.

    Cheers

    Marc

  8. #5
    Thanks marcb. But don't you think that it would be easier for the troublemaker if I use "md5"? If some other logic strikes, please let me know.
  10. #6
    i'm not sure if you know this or not, but crypt() and md5() are one way algorithms. you can't get the original value back. this works fine for logins, because you just crypt whatever you draw out of the database and compare the two crypted values to see if they match.

    mcrypt() offers two way encryption, but like someone else said, it has to be compiled into php.

    ---John Holmes...
  12. #7
    Thanks a lot, Mr. John Holmes. Could you explain how difficult it is to compile mcrypt() into PHP?
  14. #8
    I've never compiled php, so I'm not sure. It depends on your operating system and web server....

  16. #9
    ledjon
    The best thing to do is to just use md5() and when you need to compare a user/password just md5() the input on to the one in the database (as someone explained above).
  18. #10
    If you have the mcrypt libs installed, it's not hard to get PHP to work with mcrypt (just add --with-mcrypt to ./configure, I believe).

    If you do use mcrypt, here's a tip: base64_encode the encrypted value before you enter it into the database! A project I worked on for work had me encrypt a large amount of data and put it into a database. The database didn't like handling the encrypted data because it was a really strange line of text, and doing an addslashes screwed up mcrypt when I tried to decrypt (even when I stripslashes'ed). Once I base64 encoded everything, my problems went away.

    Just a tip



    ------------------
    - theFinn
    http://www.totalgeek.org
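
The base64 tip above, applied to the two-way encryption the thread asks about, as an added example that is not part of the original posts: it uses PHP's openssl extension (AES-256-GCM) in place of mcrypt, which was removed from core PHP in 7.2. The function names, key handling and sample value are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): authenticated two-way encryption of a
// cookie or database value, base64-encoded so the binary output stores cleanly.

function seal_value(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every message
    $tag = '';                 // filled in by openssl_encrypt (16-byte GCM tag)
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Raw ciphertext is arbitrary bytes; base64 keeps it safe for cookies and
    // text columns without addslashes()/stripslashes() round-trips.
    return base64_encode($iv . $tag . $ct);
}

function open_value(string $encoded, string $key): ?string
{
    $raw = base64_decode($encoded, true);        // strict mode rejects stray characters
    if ($raw === false || strlen($raw) <= 28) {  // need nonce + tag + at least one byte
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    // Decryption fails if the nonce, tag or ciphertext was modified.
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Constructed demo key and value; a real key lives in server-side configuration.
$key    = random_bytes(32);
$cookie = seal_value('user_id=17', $key);
var_dump(open_value($cookie, $key));             // round trip of an untouched value

// Same value with one character changed in transit.
$tampered     = $cookie;
$tampered[20] = ($tampered[20] === 'A') ? 'B' : 'A';
var_dump(open_value($tampered, $key));
```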
  20. #11
    Robert_J_Sherman
    Originally posted by ntrilok:
    > Can someone help me out with an encryption program for encrypting the cookie values.
    > This i thought would ensure safety.

    You know, call me a little nuts, but I have a thought on this one...

    If you're working with a MySQL database, then you could always work like so..

    first, you insert the data into, say, an "access" table.. store the username/password, or whatever data you are wanting to encrypt, into your database using MySQL's PASSWORD() function.

    Now, you've got your encrypted data.

    step 2, pull the value of that "encrypted" data, this will give you the encrypted string, issue your cookie.

    step 3, when you check the data, you grab the cookie variables data, and compare it to the string in the "access" table.

    problem solved.

    no need to worry about whether crypt() or mcrypt() is installed on your server.

    you've got your encrypted string, you've got it sent to a cookie, etc.

    no, I haven't tried this, and in theory I can't see why it wouldn't work.


    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
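
A cookie that is simply the stored hash never changes and works like the password for whoever holds it, so as an added example (not part of the original post) here is a login cookie that carries a user id and an expiry time under a keyed HMAC instead. The function names, the `|` separator and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): an expiring, tamper-evident login cookie.
// The server keeps one secret key; the cookie never contains a password hash.

function issue_token(string $userId, int $ttl, string $secret, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $payload = $userId . '|' . $expires;
    $mac     = hash_hmac('sha256', $payload, $secret);   // keyed, unlike a bare md5()
    return base64_encode($payload . '|' . $mac);
}

function verify_token(string $token, string $secret, ?int $now = null): ?string
{
    $raw = base64_decode($token, true);
    if ($raw === false) {
        return null;
    }
    $parts = explode('|', $raw);
    if (count($parts) !== 3) {          // also rejects user ids containing '|'
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {                 // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;                                     // expired or malformed expiry
    }
    return $userId;
}

// Constructed demo values; fixed clock readings keep the run repeatable.
$secret = random_bytes(32);
$token  = issue_token('17', 3600, $secret, 1000000000);

var_dump(verify_token($token, $secret, 1000000100));     // checked inside the lifetime
var_dump(verify_token($token, $secret, 1000009999));     // checked after expiry

// User id altered after signing, MAC left as issued.
$forged = base64_encode(preg_replace('/^17\|/', '18|', base64_decode($token)));
var_dump(verify_token($forged, $secret, 1000000100));
```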
