best way to safe data on remote server?

[Free WordPress Themes]

Hi,

I need to safe / store some data id the database on a remote server.

the data is not very sensitive but need to be a little protected (that some kid stay outside )

what the best way to do that? using some encrypted string and post the data via a form

or posting the form via cURL using the password feature?

or something else?

[Join us @ facebook]

Using password is always better, but if you need security you should use an https connection or even encode the data.

[Free WordPress Themes]

thanks, but the data is not very sensitive (no need for SSL)

[Join us @ facebook]

In that case you can just use a curl request with some kind of password, but if there is any sniffer between those computers that could be a trouble

Yes, PHP has a good support for en- and decoding mechanism. Here's a class I've written to perform en- and decryption of strings (The class does also support en-/decoding of files but I stripped because it's not needed in this case):

Code:

<?php
  class EnDecryption
  {
      function __construct($algorithm = 'ofb')
      {
          $this->td = mcrypt_module_open('rijndael-256', '', $algorithm, '');
      }
      
      function __destruct()
      {
          @mcrypt_generic_deinit($this->td);
          mcrypt_module_close($this->td);
      }
      
      public function GenerateIv()
      {
          $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->td), MCRYPT_RAND);
          $iv = substr(md5(time().$iv), 0, mcrypt_enc_get_iv_size($this->td));
          return $iv;
      }
      
      public function EncryptString($data, $key, &$iv = '')
      {
        if (Empty($iv))
          $iv = $this->GenerateIv();
          
          $key = substr(md5($key), 0, mcrypt_enc_get_key_size($this->td));
          mcrypt_generic_init($this->td, $key, $iv);
          return base64_encode(mcrypt_generic($this->td, $data));
      }
      
      public function DecryptString($data, $key, &$iv = '')
      {
        if (Empty($iv))
          $iv = $this->GenerateIv();
          
          $key = substr(md5($key), 0, mcrypt_enc_get_key_size($this->td));
          mcrypt_generic_init($this->td, $key, $iv);
          return mdecrypt_generic($this->td,  base64_decode($data));
      }
  }
?>

[Free WordPress Themes]

nice class I guess this is very usefull for alot of us. Please add some explainig text / desciption and add this as a tutorial here:

http://www.webdigity.com/index.php?action=codex

(and get a free link to the homepage you entrered in your profile)

<?php

//Attention: You need to have mcrypt enabled in the php.ini!

if (!extension_loaded('mcrypt'))
{
  if (strtoupper(substr(PHP_OS,0,3)) == 'WIN')
  {
    if (!@dl('php_mcrypt.dll'))
    {
      die('Could not load php_mcrypt.dll');
    }
  }
  else
  {
    if (!@dl('mcrypt.so'))
    {
      die('Could not load mcrypt.so');
    }
  }
}

$string = 'Hello world!';
$key = 'webdigity.com';

//First you need to create a new instance of the class.
$class = new EnDecryption;

//To generate an IV, you might use GenerateIV but you can leave the following line because EncryptString()
//creates an IV if the third parameter was empty
$iv = $class->GenerateIv();

//To encrypt the string you need to pass EncryptString with the string to encode and your key
//Notice: If you didn't generate an IV and the variable $iv is empty, EncryptString will generate an IV for you
//            The third parameter (IV) is being passed by reference that means the third parameter's variable
//            will be assigned a generated IV.
$encrypted = $class->EncryptString($string, $key, $iv);

//$encrypted does now contain the encrypted string. Let's decode it.
$decoded = $class->DecryptString($encrypted, $key, $iv);

//A final comparision will show if everything worked as expected
if ($string == $decoded)
{
  echo 'Everything seems to work fine.';
}
else
{
  echo 'En-/Decoding failed.';
}

?>

I didn't test this code, so there might be some errors.

[Join us @ facebook]

Instead of this :

Code:

<?php
if (!extension_loaded('mcrypt'))
{
  if (strtoupper(substr(PHP_OS,0,3)) == 'WIN')
  {
    if (!@dl('php_mcrypt.dll'))
    {
      die('Could not load php_mcrypt.dll');
    }
  }
  else
  {
    if (!@dl('mcrypt.so'))
    {
      die('Could not load mcrypt.so');
    }
  }
}
?>

you can use this : (just a less code version)

Code:

<?php
if (!extension_loaded('mcrypt'))
{
    if (!@dl(strtoupper(substr(PHP_OS,0,3)) == 'WIN' ? 'php_mcrypt.dll' : 'mcrypt.so'))
      die('Could not load mcrypt');
}
?>

[Free WordPress Themes]

//Attention: You need to have mcrypt enabled in the php.ini!

that could be a problem for a lot of people with a shared hosting account!

Code:

<?php
if (!extension_loaded('mcrypt'))
{
    if (!@dl(strtoupper(substr(PHP_OS,0,3)) == 'WIN' ? 'php_mcrypt.dll' : 'mcrypt.so'))
      die('Could not load mcrypt');
}
?>

Good idea. I didn't use this possibility because this type of if-clauses are slower than "ordinary" if clauses. Loading differences >= 1 second(s) are noticeable if you call it about 1.000.000 times.

[Join us @ facebook]

No, those ifs are faster than the common if () else statements. I don't remember the site I read it, but there are benchmarks that point to that.

No, I read two days ago at freenode.org in #php.net (IRC) that the common if statements were faster. I'll do a benchmark later.

[Free WordPress Themes]

So Nick, he knocked you out hehe...

[Free WordPress Themes]

I use both of them depending on how long the code for the conditions is (make it readable)

... I think performance is important for websites with > 200 visitors an hour

[Guest]

[36.842]

Yahoo crawler, Googlebot, Msnbot, adsense, YMC, Baidu Spider, Olaf