• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is there an Encryption class? What am I missing?

#11
(09-27-2018, 03:03 PM)ciadmin Wrote: but there is no need to re-invent the wheel Undecided

Yep I agree with that, still I'm struggling to find other practical reasons to use encryption, my SMTP example was more of a double safety net, encryption for paypal transactions etc, just use their own libraries, so to be honest, I'm not sure what else you would NEED encryption for unless anyone has any suggestions.
Practical guide to IgnitedCMS - Book coming soon
Reply

#12
One use case is building a secure messaging system between sites ... something more secure than SSL.
I have used this before as student exercises Smile
(Even got written up in the local paper for teaching them to be hackers, shame on me!)

Another use case is encrypting some critical licensing or permission stuff, which can only be decrypted using a (paid for) license key (aka decryption key or seed). I have had developers ask me how to do this.

Another use case is storing sensitive data in a database ... stuff like salaries, that you don't want just anyone to be able to see, without limiting access to their phone numbers etc. That could apply to an internal staff DB. And yes, you would normally keep salaries inside payroll, not a contact database. Just sayin'.
Reply

#13
(09-27-2018, 02:39 PM)kilishan Wrote: @Leo - what are using encryption for?  I've almost never used that library myself so trying to understand use cases.

Storing passport numbers in a database. Encrypting cookies in a referral system. And whatever else a client may ask of me to implement in a forex website (or something to do with money, the potential client is still working on what exactly I'm supposed to build). I also agree that a class doesn't really need to go to CI, especially with encryption evolving all the time, and not really needed on most sites.
Wait, what?
Reply

#14
For the licensing couldn't you store that in a folder, and a user can only access that folder if they go to a url when an access session is set (after payment)?

I'm not too convinced about encrypting salaries, when you're doing a data report wouldn't that be a PITA?

I don't know what do you think?
Practical guide to IgnitedCMS - Book coming soon
Reply

#15
@Leo what do you do if the user forgets their encryption password?
Practical guide to IgnitedCMS - Book coming soon
Reply

#16
(09-27-2018, 03:34 PM)ignitedcms Wrote: @Leo what do you do if the user forgets their encryption password?

They don't get an encryption password. I just plan to use an encryption key to store in configs or somewhere.
Wait, what?
Reply

#17
(09-27-2018, 03:38 PM)Leo Wrote:
(09-27-2018, 03:34 PM)ignitedcms Wrote: @Leo what do you do if the user forgets their encryption password?

They don't get an encryption password. I just plan to use an encryption key to store in configs or somewhere.

Ah OK, I thought you was encrypting each one with their own personal keys or something.
Practical guide to IgnitedCMS - Book coming soon
Reply

#18
My issue is if you're worried about a db manager viewing the sensitive data in the database, surely if they're working on top level db access they would have access to the sources files and therefore the config files where a master encryption key is set.

Therefore wouldn't they be able to dump the salaries if they wanted? Well that's what I always thought, hence why I still struggle to see real practical needs for encryption libs?
Practical guide to IgnitedCMS - Book coming soon
Reply

#19
(09-27-2018, 03:48 PM)ignitedcms Wrote: My issue is if you're worried about a db manager viewing the sensitive data in the database, surely if they're working on top level db access they would have access to the sources files and therefore the config files where a master encryption key is set.

Therefore wouldn't they be able to dump the salaries if they wanted? Well that's what I always thought, hence why I still struggle to see real practical needs for encryption libs?

That is true, but I think encrypting sensitive data in a db is better then leaving it as is alltogether, and, me as the website developer - will at least have the option of removing the key and giving it to the person in charge of the website and leaving all the data secured, just in case if they ask. Or they hire more people to manage the website and they don't want them to see the data. What if they want to regularly back up the db and store it in external storage. etc. You know...be prepared for whatever Smile
Wait, what?
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.