PHP and Security..?

HelloWorld · #1 (**permalink**) 11-05-2007, 08:36 PM

Hello,
I'm just wondering on how do you guys save all of the information into database? Because when I checked this open source software, it seems like that they encrypt the information and then save it to the database, what is the beneficial? What are cases that the intruders can break and get administrator or user information from the database? Just to let all of you guys know, my current project is going to be about E-Commerce, so it's necessary for me to know all of the security tips. I'm new with all of these.. please help, very well appreciate it, thanx a lot

TeraTask · #2 (**permalink**) 11-05-2007, 09:22 PM

Encryption is a touchy subject with a server application. Here's the problem: If your script can decrypt the information, then anyone with access to it can decrypt it too. Unless you have a dedicated server protected by armed guards and the code is set to use public-key cryptography with the public key for each client used to store the data locally and the data is decrypted with their private key on their browser over a secure connection, your encryption stands a chance of being broken.

I have never been able to achieve that.

What are you trying to encrypt? What open source software are you talking about?

HelloWorld · #3 (**permalink**) 11-05-2007, 09:27 PM

well, I'm looking at the database information that osCommerce stores such as administrator password. It seems like the password that is stored to the database is encrypted by some kind of md5 or whatever you call it..?

TeraTask · #4 (**permalink**) 11-05-2007, 09:30 PM

That's not encryption. That's a hash. The difference? You can't decrypt a hash (with any degree of ease). They're functions without an inverse (explicit or able to be determined numerically). The idea is that you will never know their password. So, how do you know if they can login? You hash the password entered when logged in and compare the hashed values -- if equal you can assume they are the same and allow login.

And, if you're looking at OSC, stop. Use free, open source shopping cart software from Zen Cart instead.

HelloWorld · #5 (**permalink**) 11-05-2007, 09:43 PM

why would you recommend zen cart over osCommerce?

Lee · #6 (**permalink**) 11-06-2007, 01:48 AM

Quote:

Originally Posted by HelloWorld

why would you recommend zen cart over osCommerce?

Well i dont have much knowledge on that but its free, popular and theres many add-ons you can study to find how things are done.

TeraTask · #7 (**permalink**) 11-06-2007, 09:21 AM

Zen Cart's code base is cleaner and easier to work with, it is more often updated, the developers are a bit snotty, but the OSC developer is well known to be a **** (put in some negative term that won't get me sued). Zen Cart was started by some OSC developers who go tired of the guy who runs OSC and decided to make a better version, so they took the OSC source and started modifying it. That was years ago. Whenever I do shopping carts I refuse to use OSC and always use Zen Cart (even if that means losing the contract). I used to use OSC, but quickly got fed up with the codebase and how challenging it was to do anything and started hunting for something else -- I found Zen Cart.

That said, there are other carts out there too, but if you're looking at OSC I recommend moving straight over to Zen Cart to make your life easier.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

The Following User Says Thank You to TeraTask For This Useful Post:
HelloWorld (11-05-2007)