NYCPHP Meetup

NYPHP.org

[nycphp-talk] Secure Data

Analysis & Solutions danielc at analysisandsolutions.com
Fri Jul 18 00:00:53 EDT 2003


Ladies (there are at least SOME women on the list, right?) & Gentlemen:

On Thu, Jul 17, 2003 at 09:36:18PM -0400, Hans Zaunere wrote:
> 
> But keep in mind; if the server on which the key resides is compromised, 
> the game's over.

Hmm...  This got me to thinking.  It'd be nice to have GPG built into PHP 
to avoid use of program execution functions.  In the mean time, 
proc_open() is handy.

With GPG and PGP, you can encrypt stuff with a public key then decrypt it 
with the private key.  The private key is password protected, but the 
public key isn't.  So, an automated process can encrypt the stuff on the 
way in.  To get stuff out, submit the password via a secure form.

While this isn't the right process for all situations, it can be useful.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409



More information about the talk mailing list