Hi All,

I want to thank everyone for their suggestions.

As a short-term solution, we're simply going to remove the "username" from
the email. This way, if a hacker does obtain the email, they don't have
the complete details to gain access to the user's account.

I would like to know more about the code supplied below though.

How does this work?

As long as they HAVE a string that gets compared in the DB then what
good is this? They can still gain access to the user's account.

Thanks again.

Aaron

-----Original Message-----
From: Jeremy Wilson [mailto:[EMAIL PROTECTED]] 
Sent: November 16, 2002 1:08 PM
To: 'Aaron Wolski'; 'Jason Vincent'; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Email Encryption?

$encrypted_string = md5(base64_encode($var.'secret key'));

Pass the user name or password to $var and place text in to replace the
words 'secret key'.

-----Original Message-----
From: Aaron Wolski [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 15, 2002 8:45 AM
To: 'Jason Vincent'; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Email Encryption?

Well.
 
It's not what they want.. it's what one of their clients wants (very big
corporation with very unrealistic security standards - you'd think they
were NASA or something *grumble*)
 
Their thought is that someone could hack the received email, login to
the store using the publicly displayed login details and wreak havoc
on the store, etc.
 
*shrugs* Sadly this isn't open for debate as a solution IS required.
 
Any thoughts?
 
Aaron
 
-----Original Message-----
From: Jason Vincent [mailto:[EMAIL PROTECTED]] 
Sent: November 15, 2002 11:42 AM
To: Aaron Wolski; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Email Encryption?
 
Why email? If the Admin tool uses SSL, that is all you need. 
Regards, 
J 
 
-----Original Message----- 
From: Aaron Wolski [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 15, 2002 11:39 AM 
To: 'Aaron Wolski'; [EMAIL PROTECTED] 
Subject: RE: [PHP-DB] Email Encryption? 
 
Just thinking here.. 
 
PGP is not an option as it would mean EACH user being set up would need
the company's public key to decrypt. Not possible as they set up a few
hundred accounts each month.

Hmm.. anything else?

Argh :(

Aaron

-----Original Message----- 
From: Aaron Wolski [mailto:[EMAIL PROTECTED]] 
Sent: November 15, 2002 11:36 AM 
To: [EMAIL PROTECTED] 
Subject: [PHP-DB] Email Encryption? 
<OFFTOPIC> 
  
Sorry for the off topic guys.. 
  
But I've just been informed that an application we developed for a
client whereby they use an Admin tool to set up user accounts into their
store needs to have the login (username and password) encrypted.
  
I am thinking PGP for this but to be honest I've never really worked
with PGP and wouldn't have the first clue. 
  
Does anyone have any experience with this or can offer any advice at
all? 
  
Again, sorry for the OT discussion. 
  
Aaron 
 
-- 
PHP Database Mailing List (http://www.php.net/) 
To unsubscribe, visit: http://www.php.net/unsub.php 
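
An added example (not code from anyone in this thread) for the "How does this work?" question about the md5(base64_encode($var.'secret key')) line in Jeremy Wilson's message: that line is a one-way digest, not encryption, so it changes what the database stores and has no effect on what the email carries. The function names, key and sample password are constructed for illustration, and the script assumes PHP 7 or later.

```php
<?php
// Added example, not from the thread. All names and values are constructed.

// The scheme from the thread: a fixed-key MD5 digest of the credential.
function legacy_digest(string $var, string $key): string
{
    return md5(base64_encode($var . $key));
}

// Login check for that scheme: digest the submitted value, compare to the row.
function legacy_verify(string $attempt, string $key, string $stored): bool
{
    return hash_equals($stored, legacy_digest($attempt, $key));
}

$key      = 'secret key';            // constructed; identical for every user
$password = 'correct horse battery'; // constructed sample password

// The digest is deterministic and always 32 hex characters. There is no
// decrypt step, so the application can never mail the original back out.
$stored = legacy_digest($password, $key);
echo "stored digest:        $stored\n";
echo "same input again:     " . legacy_digest($password, $key) . "\n";

// What the database comparison accepts: the real password passes. The
// digest itself, if read from the table, is digested again and fails.
echo "password accepted:    ";
var_dump(legacy_verify($password, $key, $stored));
echo "digest as password:   ";
var_dump(legacy_verify($stored, $key, $stored));

// Limits of the scheme: two users with the same password get the same
// digest, and MD5 is fast to guess against. password_hash() uses a random
// per-hash salt and a deliberately slow algorithm.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
echo "salted hashes differ: ";
var_dump($hashA !== $hashB);
echo "password verifies:    ";
var_dump(password_verify($password, $hashA));
echo "wrong guess verifies: ";
var_dump(password_verify('wrong guess', $hashA));

// None of this protects the email: if the plaintext password is mailed,
// whoever reads the message can log in regardless of how the DB stores it.
```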


