At our company, we process a lot of requests on the leading gift cards and coupons websites in the world. The senior developers had a meeting in late October to discuss working on a solution to replicate the MySQL functions of AES_ENCRYPT and AES_DECRYPT in the language of PHP. This article centers on what was produced by senior developer Derek Woods and how to use it in your own applications.

He starts with a little bit of backstory - why to even bother using encryption, what AES encryption is and why you should probably avoid using the MySQL implementation of it in your apps. PHP's mcrypt functions don't return the same hashes as their MySQL counterparts (he includes the "why" of this) and includes some quick code to replicate the MySQL behavior. He also mentions some issues with the transformation, newlines and shows the source for their completed "aes_crypt" and "aes_decrypt" functions.

A crucial but easily overlooked aspect of data storage is protecting sensitive information'"from passwords, to credit cards, to social security numbers'"using encryption. Thus an understanding as to what encryption techniques are available in Oracle (via a PHP interface), and how best to use them, is important for all Web developers.

In this HowTo, you'll get a brief introduction to the necessary tools, and even get some specific code, for improving the security of your data.

They look first at a little background - what is encryption and how is it usually used. Following that, the code comes out, showing you how to create the encryption functionality in the PL/SQL area and subit the data into the procedure via PHP. They show three different kinds of storage methods you can use as well - hashed, MAC, and AES encryption.

Thanks to Nexen.net for the pointer...]]> Wed, 21 Dec 2005 07:25:27 -0600