James wrote: > Why do you assume the key is in the session? If I were going to > encrypt something and put it in the session, the key sure would not be > along with it, I would use data specific to the user (each user has > their own key). based on things like username/zipcode/ipaddress > probably a mashup of 3 bits of personal information that not everyone > would be able to get.
So the code for generating this key would be less readable than the session file? Since if I can read the session for some reason, I likely can read the source code that generates the session and thus get most of that information... and decrypt the data. Basically what I'm wondering is how you will keep the key, or the data that makes up the key secret. If you used username and or some random data like time, you'd have to store that someplace. So if you have a manner to store that key securely, why encrypt? Just put the CC info there... -- Nathanael d. Noblet Gnat Solutions, Inc T: 403.875.4613 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---