Hello all.
I'm currently working on a new site that encompasses the registration
of members. The registration is taking place through PHP interaction
with MySQL. The site is just going to be for my friends and I, but I
have run into an issue that I have often wondered about before. Any
insight would be appreciated.
The database contains semi-sensitive information. Not CC numbers, but
think more like usernames/passwords to other sites. I've done sites
before in which I would create user accounts/passwords. In that case,
I would just to straight encryption, and then decipher the input
password against the db encrypted one to verify login credentials. No
problem. But, what about the case in which my underlying programs
will need to use the usernames/passwords that are in the database
(exactly as they appear) to POST logins to other sites using that
information?
Ideally, I want to keep the info as secure and protected as possible
in the database. I can't really encrypt() the passwords because I
need to decrypt them again in order to POST them on respective sites
for respective users. I don't think that's how it works when you
encrypt since the idea is not to be able to decrypt with ease.
Do I need to write my own encryption function? The idea of storing
unencrypted semi-sensitive information makes both me and my friends
nervous.
Any thoughts on how to tackle this?
Thanks in advance,
Chris
I'm currently working on a new site that encompasses the registration
of members. The registration is taking place through PHP interaction
with MySQL. The site is just going to be for my friends and I, but I
have run into an issue that I have often wondered about before. Any
insight would be appreciated.
The database contains semi-sensitive information. Not CC numbers, but
think more like usernames/passwords to other sites. I've done sites
before in which I would create user accounts/passwords. In that case,
I would just to straight encryption, and then decipher the input
password against the db encrypted one to verify login credentials. No
problem. But, what about the case in which my underlying programs
will need to use the usernames/passwords that are in the database
(exactly as they appear) to POST logins to other sites using that
information?
Ideally, I want to keep the info as secure and protected as possible
in the database. I can't really encrypt() the passwords because I
need to decrypt them again in order to POST them on respective sites
for respective users. I don't think that's how it works when you
encrypt since the idea is not to be able to decrypt with ease.
Do I need to write my own encryption function? The idea of storing
unencrypted semi-sensitive information makes both me and my friends
nervous.
Any thoughts on how to tackle this?
Thanks in advance,
Chris
Comment