Jump to content

Creating Secure PM's??

doubledee

By doubledee
in PHP Coding Help

 Share

Recommended Posts

doubledee Advanced Member

doubledee

Posted
Posted

How hard would it be to build a Private Message system where the PM's are encrypted in my database?

 

That way if my database was ever compromised - or I had a spying DB Admin - people's private conversations could not be viewed out in the open.

 

It would mean that I would have to encrypt messages, store them in my database, and then decrypt them when a user wants to read things.

 

Just curious...

 

Thanks,

 

 

Debbie

 

Link to comment
Share on other sites
l0gic Newbie

l0gic

Posted
Posted

Well, try this..

<?php
$str = "This is an encoded string";
echo base64_encode($str); // Should output VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==
?>

 

So..

<?php
$str =  "This is an encoded string";
echo "Original: " $str . "<br>\n";
$str = base64_encode($str);
echo "Encoded: " $str . "<br>\n";
echo "Decoded: " base64_decode($str) . "<br>\n";
?>

 

Pretty much copy/pasted from:

http://php.net/manual/en/function.base64-encode.php

http://php.net/manual/en/function.base64-decode.php

 

Personally I'd just be pickier about who can see the DB.

 

Edit: Fixed my error in second lot of code.

Link to comment
Share on other sites
The Little Guy Prolific Member

The Little Guy

Posted
Posted

This is just a rough draft, but it does work (please read the comments):

 

<?php
$salt = "oasd83or34509ig6DF";

echo $message = "Hello, what are you doing tonight?";

echo "<br><br><br>";
// Encode it for the database:
echo $val = base64_encode(base64_encode($salt).base64_encode($message));

echo "<br><br><br>";
// An attempt to decode it if you DON'T know how it was hashed:
// It will return something like this: "b2FzZDgzb3IzNDUwOWlnNkRGSGVsbG8sIHdoYXQgYXJlIHlvdSBkb2luZyB0b25pZ2h0Pw=="
// You need the salt to get past, and the algorithm
echo $return = base64_decode($val);

echo "<br><br><br>";
// An attempt to decode it if you DO know how it was hashed:
echo $return = base64_decode(base64_encode($salt).base64_decode($val));

echo "<br><br><br>";
// Remove the salt (2 salts were added for some reason)
echo preg_replace("/^$salt$salt/i", "", $return);

Link to comment
Share on other sites
scootstah Member

scootstah

Posted
Posted

Well, try this..

<?php
$str = 'This is an encoded string';
echo base64_encode($str); // Should output VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==
?>

 

So..

<?php
$str =  "This is an encoded string";
echo "Original: " $str . "<br>\n";
$str = base64_encode($str);
echo "Encoded: " $str . "<br>\n";
echo "Decoded: " base64_decode($str) . "<br>\n";
?>

 

Pretty much copy/pasted from:

http://php.net/manual/en/function.base64-encode.php

http://php.net/manual/en/function.base64-decode.php

 

Personally I'd just be pickier about who can see the DB.

 

Edit: Fixed my error in second lot of code.

 

That's not encryption and is just as easy to see as plain text.

 

I don't think there's a lot of merit for doing something like this. Your users are stupid to begin with to disclose sensitive information in a random website. Plus if you're not using SSL it's rather pointless.

 

But since you asked, you can do it with the mcrypt library. http://www.php.net/manual/en/function.mcrypt-encrypt.php

Link to comment
Share on other sites
l0gic Newbie

l0gic

Posted
Posted
That's not encryption and is just as easy to see as plain text.

 

Yes, but seeing is not the same as reading.

 

And if anyone browsing the DB through say PhpMyAdmin or an SQL dump has the ability to decode that in their mind, then they deserve to be able to read it.. If they have the ability to pull it out and use base64_decode() then it wasn't worth doing in the first place.

 

Common sense is usually secure enough. If people shouldn't be able to see things, don't give them the means to see things.

Link to comment
Share on other sites
cpd Member

cpd

Posted
Posted

Unless your planning on having loads of DBA's or just people with the ability to log into your database, its not worth worrying about.

 

As already mentioned, mcrypt is a good route to go along and one of the best. You can look into bit shifting with the bitwise operators as well to make it a little more difficult.

Link to comment
Share on other sites
cpd Member

cpd

Posted
Posted

base64 is usually pretty recognizable. It is absolutely trivial to decode it; I have a Firefox addon to do it in about 2 key presses.

 

base64 was not made to be secure, so it is stupid to use it in such a way.

 

And scootstah is right its not intended as an encryption tool. It's use is to ensure data isn't manipulated in some manner when being transferred from one location to another.

Link to comment
Share on other sites
scootstah Member

scootstah

Posted
Posted

"Personally I'd just be pickier about who can see the DB."

 

That's not the point. The point is that in the event her database was hacked, she doesn't want the hackers to be able to read the private message conversations. This has little to nothing to do with "who can see the DB".

Link to comment
Share on other sites
l0gic Newbie

l0gic

Posted
Posted

Looking into it more mcrypt would be the way to go if you really wanted to do this.

 

I can't say I've ever come across the need to do it though. And your users should be aware of what the send via private message, it comes back to that common sense thing.

 

For example, Scootstah might PM me asking if he can use my credit card to buy something. I wouldn't reply saying "Yeah, of course my CC number is 5402........... etc" I'd just say yes, that it could be arranged.

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

That's not encryption and is just as easy to see as plain text.

 

Yes, but seeing is not the same as reading.

 

And if anyone browsing the DB through say PhpMyAdmin or an SQL dump has the ability to decode that in their mind, then they deserve to be able to read it.. If they have the ability to pull it out and use base64_decode() then it wasn't worth doing in the first place.

 

Common sense is usually secure enough. If people shouldn't be able to see things, don't give them the means to see things.

 

Let's step back for a minute here...

 

1.) If I run a website that becomes widly popular - even mildly popular - and I have people posting away their lives - even if it is just their thoughts and opinions - then I feel a fiduciary responsibility to *reasonably* protect that information.

 

If someone hacked my website or database, I don't want to give away everything.  The bad guys should have to at least work to get at the data.

 

 

2.) Since I am building an e-commerce site, what about the non-credit card info I might be storing (e.g. Name, Address, Order History) that is still sensitive.  I would feel pretty bad if I lost the mailing addresses for 10,000 Members who trusted me.

 

And before some smar*ss says something...

 

No, I am not the Defense Department nor do I have a billion dollars to build the world's most secure data center?!

 

But there is nothing wrong with taking baby steps and doing what I can to make it extremely difficult for people to get at my User's data even if it is inconsequential like what they think about the article "Postage Meters Cab Save You Money"?!

 

 

Debbie

 

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

"Personally I'd just be pickier about who can see the DB."

 

That's not the point. The point is that in the event her database was hacked, she doesn't want the hackers to be able to read the private message conversations. This has little to nothing to do with "who can see the DB".

 

Bingo!!!

 

 

Debbie

 

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

Looking into it more mcrypt would be the way to go if you really wanted to do this.

 

I can't say I've ever come across the need to do it though. And your users should be aware of what the send via private message, it comes back to that common sense thing.

 

For example, Scootstah might PM me asking if he can use my credit card to buy something. I wouldn't reply saying "Yeah, of course my CC number is 5402........... etc" I'd just say yes, that it could be arranged.

 

Honey, if you have a credit card - with LOTS OF Available Credit - then this thread no longer matters and we should talk offline...  ;D  *LOL* *ROFL*

 

 

Debbie

8)

Link to comment
Share on other sites
l0gic Newbie

l0gic

Posted
Posted
Honey, if you have a credit card - with LOTS OF Available Credit - then this thread no longer matters and we should talk offline...  ;D  *LOL* *ROFL*

 

 

Debbie

8)

 

Actually, it's a debit card.. But I guess "lots" still applies.

 

Have you considered splitting your database?

Link to comment
Share on other sites
l0gic Newbie

l0gic

Posted
Posted

What do you mean?

 

Debbie

 

Well some people would look at a 'large' site and split their database into several smaller databases to handle each part of the site.

 

For example, and online store with a forum might have:

 

User Info: Containing user information like usernames, real names, contact information, personal details, etc.

Shop: Containing products, product info, prices, comments, etc.

Forums: Containing forum topics, posts and replies, etc.

Purchases: Purchase history, invoices, orders, etc.

 

I don't know if people still do it much like this, but imagine when you're users sign-in they have to authenticate themselves and set a session variable. Now they authenticate themselves using your database which also contains personal data, orders, etc.. They're all open to inject-type attacks. But if they're only authenticating to using a database that only stores login data and what-not then that type of attack has no direct path to those other details.

 

Same as forum posts, the purchases database wouldn't be as easily attacked from an attack on the forum database.

 

Following?

 

Again, I don't know if this is widely used or not.. Maybe someone who worries about security more than I can chime in?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.