Michael Nitschinger has a new post for the Lithium framework users out there - a quick tutorial about encrypting your session information with the new built in "Encrypt" strategy feature.

If you check out the master branch, you can use the new Encrypt strategy to encrypt your session data automatically. This means that you can read and write session data in cleartext and they will be encrypted on the fly before getting stored (in a cookie, for example).

You'll need the mcrypt extension installed for it to work correctly, but it makes storing the encrypted version of your data more or less automatic. Just set up your Session configuration to use it as a strategy and any time you call a "read" or "write" the hard work is handled for you. For those more interests in what's "under the hood" he goes on to talk about how the strategy works, what cipher it uses by default, how to change it and the default string to use in hashing.

On WebReference.om today Leidago Noabeb has kicked off a series with part one of his look at encryption in PHP applications and how it can keen you from ending up like him.

Recently, an attacker hacked into my database and stole all the passwords and usernames stored there. Needless to say, I had to change everything and it cost me time and money. What made the crime easy for the attacker is that I never encrypted any of the passwords in the database. I've learned my lesson and now I'm passing along that wisdom with this article about encryption in PHP. Using some of the encryption techniques that PHP offers, you can safeguard your information in various ways.

He lays the foundation for the series by talking about three different kinds of encryption that can help you protect your data - one-way encryption, symmetric (using a key) and asymmetric (shared key locking).

Juozas Kaziukenas points out a new class in his latest blog post that can be used to make secure connections over to PayPal (encrypted) using their Encrypted Website Payment method.

In my situation, PayPal is only used to pay for orders - cart and order setup is done in our shop, so I do not want to have additional problems with users changing orders numbers, amount to be paid, etc. [...] Only PayPal knows how to decrypt it, because it uses public key encryption technology (you need to upload your certificate in PayPal account).

Some sample usage code is included as is a link to the class itself. His example takes a payment transaction including the item name, amount and currency type and sends it off to the PayPal servers in a connection protected by certificates.

Padraic Brady has a new post today mentioning both the PEAR::Encryption package and the Zend_Crypt component of the Zend Framework.

It's been a while since I did some active ZF/PEAR component development. It's been one of those 6 month periods where time to commit was a rarity for a few reasons. So now that I'm back on the road, where to?

He sets his sights on the Zend_Crypt component and details some of the encryption methods it contains - HMAC, the Diffie-Hellman Key Agreement Protocol, a hashing wrapper and proposed support for a RSA public key cryptography. He mentions that a lot of this support is already in a beta package for PEAR.

Ryan Malesevich is taking a break from his look at some handy WordPress packages to share a small series on how to move from using MD5 hashes out to SHA-1 hashes for passwords in a MySQL database. He's posted part one today.

What if you're using MD5 in your web application and want to switch over to another encryption method. It's actually not that hard and I plan to cover them in this multi-part tutorial (I know I planned on writing this months ago, but it's better late then never). In this first part I plan on going over updating the database structure and a 'pseudo-code' of what will need to be done.

As mentioned, he gives the outline (pseudo-code) of how the process will work - basically, creating an SHA1 hash of the MD5 and the username in a "newpassword" column added to your database.

Encryption can be a difficult issue to comprehend, inside of PHP or not. Thankfully, there are resources out there that can help simplify things and bring them down to where they're really useful. This new tutorial from the IBM developerWorks site today is just such a resource.

In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it means to encrypt and decrypt information, as well as some practical examples involving passwords and other data, using PHP's built-in functionality.

They start off where any good encryption article should - with a primer in cyrptography. You can't understand the advanced without a good grasp on the basic. Using this knowledge, they start to work up their form, a simple username and password validation system.

They provide all of the code you'll need to build the form, and even intorduce you to the crypt() function. A bad use of this functionality is also illustrated. Of course, encryption is only half the fun, so they also include an example of decrypting the same information.

On his blog today, Joshua Houle has posted a tutorial that looks at some simple encrpytion/decryption functions that he's whipped up for his everyday use.

Our first function is our encryption function called createsecretmessage. It takes two arguments, the message we want to encrypt and the key. The second function is the decryption function. It also takes two arguements, the encrypted message and the key.

Before he even gets into the code, he explains how the encryption portion of it works, complete with a chart representing the encryption process. Following this,the two functions are explained, each with their own code to make cut and paste simple.

DevShed has this new tutorial posted today concerning the use of text file authentication to create "private pages" in your site.

You run a website that is simple enough it doesn't require a database. But your site features certain pages to which you'd like to limit access. Most of the time, that implies using a database to store passwords and usernames. There is an easier way, however. It's less secure, but it involves a lot less coding.

They step you through the process - creating the form, making the PHP page for it to submit to, checking the password (including a bit on encryption), and validating the user's entry against it.

There's always been several PHP developers out there looking to protect the source that they so lovingly crafted. They look for alternatives to keeping it safe, but sometimes it's just not enough. In this new post on the Sjon.Blog today, he mentions some of the frustrations he's had already with exectly this.

Zend almost convinced me that their Safeguard Suite really secured your PHP scripts. Ofcourse I know that scripts need to be interpreted and executed and are therefore never 100% safe; but I expected some form of obfuscation and rewriting to prevent this. This doesn't seem to be the case though. I have had a look at PHP Obfuscator/Obscurer, but a good illustration of the quality of that script can be illustrated with a simple, readable example.

Also, obfuscating React took me almost an hour; which isn't that strange when you have had a look at the sourcecode.

As far as I've heard/seen so far, there's not really a good solution to this dilema. Sure, some are better than others, but there's still a hole there that is just waiting to be filled with an application anyone can use...

From the Oracle Technology Network site today, there's this new HowTo on encrypting you data in Oracle using PHP.

A crucial but easily overlooked aspect of data storage is protecting sensitive information'"from passwords, to credit cards, to social security numbers'"using encryption. Thus an understanding as to what encryption techniques are available in Oracle (via a PHP interface), and how best to use them, is important for all Web developers.

In this HowTo, you'll get a brief introduction to the necessary tools, and even get some specific code, for improving the security of your data.

They look first at a little background - what is encryption and how is it usually used. Following that, the code comes out, showing you how to create the encryption functionality in the PL/SQL area and subit the data into the procedure via PHP. They show three different kinds of storage methods you can use as well - hashed, MAC, and AES encryption.

Thanks to Nexen.net for the pointer...