best way to safe data on remote server?

Hi,

I need to safe / store some data id the database on a remote server.

the data is not very sensitive but need to be a little protected (that some kid stay outside )

what the best way to do that? using some encrypted string and post the data via a form

or posting the form via cURL using the password feature?

or something else?

[Join us @ facebook]

Using password is always better, but if you need security you should use an https connection or even encode the data.

thanks, but the data is not very sensitive (no need for SSL)

[Join us @ facebook]

In that case you can just use a curl request with some kind of password, but if there is any sniffer between those computers that could be a trouble

Yes, PHP has a good support for en- and decoding mechanism. Here's a class I've written to perform en- and decryption of strings (The class does also support en-/decoding of files but I stripped because it's not needed in this case):

Code:

<?php
  class EnDecryption
  {
      function __construct($algorithm = 'ofb')
      {
          $this->td = mcrypt_module_open('rijndael-256', '', $algorithm, '');
      }
      
      function __destruct()
      {
          @mcrypt_generic_deinit($this->td);
          mcrypt_module_close($this->td);
      }
      
      public function GenerateIv()
      {
          $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->td), MCRYPT_RAND);
          $iv = substr(md5(time().$iv), 0, mcrypt_enc_get_iv_size($this->td));
          return $iv;
      }
      
      public function EncryptString($data, $key, &$iv = '')
      {
        if (Empty($iv))
          $iv = $this->GenerateIv();
          
          $key = substr(md5($key), 0, mcrypt_enc_get_key_size($this->td));
          mcrypt_generic_init($this->td, $key, $iv);
          return base64_encode(mcrypt_generic($this->td, $data));
      }
      
      public function DecryptString($data, $key, &$iv = '')
      {
        if (Empty($iv))
          $iv = $this->GenerateIv();
          
          $key = substr(md5($key), 0, mcrypt_enc_get_key_size($this->td));
          mcrypt_generic_init($this->td, $key, $iv);
          return mdecrypt_generic($this->td,  base64_decode($data));
      }
  }
?>

nice class I guess this is very usefull for alot of us. Please add some explainig text / desciption and add this as a tutorial here:

http://www.webdigity.com/index.php?action=codex

(and get a free link to the homepage you entrered in your profile)

<?php

//Attention: You need to have mcrypt enabled in the php.ini!

if (!extension_loaded('mcrypt'))
{
  if (strtoupper(substr(PHP_OS,0,3)) == 'WIN')
  {
    if (!@dl('php_mcrypt.dll'))
    {
      die('Could not load php_mcrypt.dll');
    }
  }
  else
  {
    if (!@dl('mcrypt.so'))
    {
      die('Could not load mcrypt.so');
    }
  }
}

$string = 'Hello world!';
$key = 'webdigity.com';

//First you need to create a new instance of the class.
$class = new EnDecryption;

//To generate an IV, you might use GenerateIV but you can leave the following line because EncryptString()
//creates an IV if the third parameter was empty
$iv = $class->GenerateIv();

//To encrypt the string you need to pass EncryptString with the string to encode and your key
//Notice: If you didn't generate an IV and the variable $iv is empty, EncryptString will generate an IV for you
//            The third parameter (IV) is being passed by reference that means the third parameter's variable
//            will be assigned a generated IV.
$encrypted = $class->EncryptString($string, $key, $iv);

//$encrypted does now contain the encrypted string. Let's decode it.
$decoded = $class->DecryptString($encrypted, $key, $iv);

//A final comparision will show if everything worked as expected
if ($string == $decoded)
{
  echo 'Everything seems to work fine.';
}
else
{
  echo 'En-/Decoding failed.';
}

?>

I didn't test this code, so there might be some errors.

[Join us @ facebook]

Instead of this :

Code:

<?php
if (!extension_loaded('mcrypt'))
{
  if (strtoupper(substr(PHP_OS,0,3)) == 'WIN')
  {
    if (!@dl('php_mcrypt.dll'))
    {
      die('Could not load php_mcrypt.dll');
    }
  }
  else
  {
    if (!@dl('mcrypt.so'))
    {
      die('Could not load mcrypt.so');
    }
  }
}
?>

you can use this : (just a less code version)

Code:

<?php
if (!extension_loaded('mcrypt'))
{
    if (!@dl(strtoupper(substr(PHP_OS,0,3)) == 'WIN' ? 'php_mcrypt.dll' : 'mcrypt.so'))
      die('Could not load mcrypt');
}
?>

//Attention: You need to have mcrypt enabled in the php.ini!

that could be a problem for a lot of people with a shared hosting account!

Code:

<?php
if (!extension_loaded('mcrypt'))
{
    if (!@dl(strtoupper(substr(PHP_OS,0,3)) == 'WIN' ? 'php_mcrypt.dll' : 'mcrypt.so'))
      die('Could not load mcrypt');
}
?>

Good idea. I didn't use this possibility because this type of if-clauses are slower than "ordinary" if clauses. Loading differences >= 1 second(s) are noticeable if you call it about 1.000.000 times.

[Join us @ facebook]

No, those ifs are faster than the common if () else statements. I don't remember the site I read it, but there are benchmarks that point to that.

No, I read two days ago at freenode.org in #php.net (IRC) that the common if statements were faster. I'll do a benchmark later.

So Nick, he knocked you out hehe...

I use both of them depending on how long the code for the conditions is (make it readable)

... I think performance is important for websites with > 200 visitors an hour

[Guest]

[62.884]

Googlebot