Mar 30, 2006
Let's say that a user sends info to my site, my script encrypts the info via a key, and the script stores the encrypted version into the database. Obviously, the key is within my PHP code. To decrypt the information later, I simply use the same key that's within my PHP code. Then, someone -- somehow -- gets into my system, able to view my database files. so the person can only view the encrypted version.
View 11 Replies
I can understand encrypting a stream, but is it really beneficial to encrypt stored information? If someone is good enough to get into my site to begin with, aren't they going to be smart enough to open up my PHP code in Notepad and search out the key?