[nycphp-talk] Data encryption on ISP server
Patrick Ramsden
patrick at ramsden.com
Fri Jun 24 21:56:43 EDT 2005
Frank-
Not sure if it's possible with your ISP, but one option that I've seen used
in the past is requiring both server and client certificates. If I recally
correctly, it was mostly handled through Apache and OpenSSL, although it's
been a while...
-Pat
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Frank Wong
> Sent: Friday, June 24, 2005 4:43 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Data encryption on ISP server
>
> I have an encryption strategy question and was wondering if
> anyone can
> help.
>
> There is data that I'm storing on an ISPs server that I would like to
> encrypt. This data can be access through the hosted website
> via 128bit
> SSL that is username and password protected. Therefore, the data and
> the password to access the data are all encrypted using a pass-phrase
> and AES through php. However, my concern is that where and how do I
> store this all important pass-phrase since it is the key that
> opens all
> doors. My ISP does not allow the webserver process to access any
> directory outside of the www root directory so my pass-phrase
> needs to
> be either stored within www root (plus sub directories) or in the
> database. If either of those places are considers secure, I
> would not
> need to use encryption in the first place.
>
> My logic must be flawed as I'm certainly not the first to deal with
> encrypting sensitive information. Where am I not thinking correctly
> other than behind my desk? Thanks to all in advance.
>
>
> __________________
> Frank
>
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
>
More information about the talk
mailing list