Sunday, September 27, 2009

Server-side security in PHP with two-way encryption

Hello all, it has been a long time since I wrote any blog posts...

Today's discussion is about how to implement two-way encryption in both client-side and server-side applications. First, I'd like to discuss the difference between one-way and two-way encryption.

One-way encryption is a method of securing data using hashes, like md5. The scheme for one-way encryption is: sent data --encrypted--> sent encrypted data. After it is encrypted, the data must be matched against the data in the database: database data --encrypted--> encrypted database data. If the sent encrypted data matches the encrypted database data, the data is verified as true. However, this method still leaves the data viewable during transport between servers.

The other method is two-way encryption, using the mcrypt module in PHP for communication between servers. Since the data must be decrypted before it is verified, cross-site request forgery can be avoided.

For detailed resources, please refer to
http://www.t4vn.net/tutorials/showtutorials/An-Introduction-to-Mcrypt-and-PHP.html
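
The two schemes described above, side by side, as an added example that is not code from the original post or from the linked tutorial. It uses PHP's OpenSSL extension (AES-256-GCM) in place of mcrypt, because mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2; the function names, the shared key and the sample value are assumptions made for illustration.

```php
<?php
// Added example. verifyOneWay(), seal(), unseal() and $sharedKey are hypothetical names.

// One-way: hash the submitted value and compare it with the stored hash.
// md5 appears only because the post names it; hash_equals() compares in constant time.
function verifyOneWay(string $submitted, string $storedHash): bool
{
    return hash_equals($storedHash, md5($submitted));
}

// Two-way, sending server: encrypt with a key that both servers hold.
function seal(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every message
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // nonce | 16-byte tag | ciphertext
}

// Two-way, receiving server: decrypt before verifying.
// Returns null when the message is malformed, modified in transit or made with another key.
function unseal(string $message, string $key): ?string
{
    $raw = base64_decode($message, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;
}

$sharedKey = random_bytes(32);   // constructed; in practice provisioned to both servers
$stored    = md5('s3cret');      // constructed sample of the hashed database value

// Normal exchange: the value travels encrypted, is decrypted, then verified one-way.
$wire = seal('s3cret', $sharedKey);
var_dump(verifyOneWay((string) unseal($wire, $sharedKey), $stored));

// Same message with one bit flipped in transit: the tag check makes unseal() reject it.
$raw = base64_decode($wire);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(unseal(base64_encode($raw), $sharedKey));
```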