  1. #1
    Regular Coder
    Join Date
    Nov 2002
    Posts
    567
    Thanks
    2
    Thanked 4 Times in 4 Posts

    Understanding Encryption and Security

    I know this may be a little vague, but I have not dealt with it before. I am trying to get a handle on encryption and security for my web pages. Eventually I will want to have a site that allows customers to use their credit cards. So I will have to encrypt every form etc. The problem is I don't have a good understanding of the practices or of using SHA1 or Hashes or any of that. For example, a user fills out an email form and clicks send. I take the message part of the form and encrypt it, then it is sent to me. Where does it get un-encrypted? I mean, the web site host is going to forward that email to my inbox.

    Your responses most welcome. I hope this is the correct forum, but since this is being done with PHP I figured it was. If not, then I'll apologize now.
    Scott Stewart
    Always happy to learn from pros.

  • #2
    Regular Coder
    Join Date
    May 2006
    Location
    Wales
    Posts
    820
    Thanks
    1
    Thanked 82 Times in 79 Posts
    SHA1 and MD5 encryption cannot be decrypted (without a lot of resources) so they are generally used for user passwords (e.g. if an MD5ed pass in a database equals the MD5 of an entered pass, login). I don't know much about credit cards but you will need to get an SSL certificate for your website.

  • #3
    Regular Coder
    Join Date
    Nov 2002
    Posts
    567
    Thanks
    2
    Thanked 4 Times in 4 Posts
    As a matter of fact, that is one thing I did follow early on (the password thing). But I don't understand how I can read a customer's message to me if I have to encrypt it before sending. I never have to read the customer's password so I don't care. But if unscrupulous hackers are just sitting around waiting to mess with someone's open text email, what can you do besides encrypt it? If it is encrypted, how do you read it?
    Scott Stewart
    Always happy to learn from pros.

  • #4
    Senior Coder
    Join Date
    Sep 2005
    Posts
    1,791
    Thanks
    5
    Thanked 36 Times in 35 Posts
    Why are you using email?

    Decent payment gateways will allow you to send your users' details through to them (XMLRPC, SOAP or similar, over SSL) and inform you of success or failure.
    My thoughts on some things: http://codemeetsmusic.com
    And my scrapbook of cool things: http://gjones.tumblr.com

  • #5
    Regular Coder
    Join Date
    May 2006
    Location
    Wales
    Posts
    820
    Thanks
    1
    Thanked 82 Times in 79 Posts
    For customer messages I don't think it would be worth encrypting, as if you can decrypt something, so can anyone else. Here's a guide on holding CC info.

  • #6
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Originally posted by Mwnciau:
    MD5 encryption cannot be decrypted (without a lot of resources)
    http://www.md5decrypter.com/

    MD5 and SHA* are just algorithms. They take an input string and pass it through some complicated math to achieve a hash. They are not encryption. They can be figured out. The more complicated the hash the harder it is to figure out. Also, combining the input with a salt will help.
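
Added example (not part of any post in the thread): a PHP sketch of the distinction discussed above between a bare hash, a salted password hash, and encryption that the recipient can reverse. It goes beyond the posts by using libsodium sealed boxes as one illustration of reversible encryption; the passwords, message and variable names are constructed, and PHP 7.2+ with the sodium extension is assumed.

```php
<?php
// Added example, not code from the thread. Passwords and the message are
// constructed. Assumes PHP 7.2+ with the bundled sodium extension enabled.

$passwords = ['alice' => 'sunshine1', 'bob' => 'sunshine1']; // same password twice

// 1. Unsalted MD5 is deterministic and keyless: both users get the same
//    digest, so one precomputed lookup table resolves every matching account.
foreach ($passwords as $user => $pw) {
    printf("md5     %-5s %s\n", $user, md5($pw));
}

// 2. password_hash() draws a fresh random salt per call, embeds it in the
//    returned string and uses a deliberately slow algorithm, so the two
//    stored values differ even though the passwords are identical.
$stored = [];
foreach ($passwords as $user => $pw) {
    $stored[$user] = password_hash($pw, PASSWORD_DEFAULT);
    printf("salted  %-5s %s\n", $user, $stored[$user]);
}

// Login never reverses the hash: password_verify() re-hashes the attempt
// with the salt read from the stored string and compares the results.
foreach (['sunshine1', 'Sunshine1'] as $attempt) {
    printf("attempt %-10s accepted: %s\n", $attempt,
        var_export(password_verify($attempt, $stored['alice']), true));
}

// 3. Encryption is reversible, but only with a key. With a sealed box the
//    web server holds just the public key; the private half stays with the
//    recipient. (Here both live in one script purely for demonstration.)
$keypair   = sodium_crypto_box_keypair();            // generated by the recipient
$publicKey = sodium_crypto_box_publickey($keypair);  // the only part the server needs

$sealed = sodium_crypto_box_seal('Please call me about my order.', $publicKey);
printf("sealed  %s\n", base64_encode($sealed));      // what would travel by email

// Opening requires the full key pair, which the server never had.
$opened = sodium_crypto_box_seal_open($sealed, $keypair);
printf("opened  %s\n", $opened === false ? '(decryption failed)' : $opened);
```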

