
Re: Encrypting a php page...


Guy Macon

Mar 25, 2008, 9:29:31 PM


Joseph Ashwood wrote:

>Sorry to be late to the party, but I figured this deserved more depth of
>thought, and I was bored. As an entrepreneur I would solve the problem
>differently. I observe that as this is a small shop, it will still require
>human intervention to handle the majority of processing. I also observe that
>collecting as little information as possible is good, and that providing
>personalized service is always a selling point. So here's what I would do:
>Collect name, email address, phone number, and CAPTCHA (not because it is
>necessary, but because people will expect it). Use the email address to
>notify them of a scheduled time for a customer service representative to
>call them. Use the phone number for a customer service representative to
>call them and get the required information. Rep enters the information into
>an unrelated, fully encrypted system. This shifts the security from a server
>that can be located from the outside world to a server that can be
>completely hidden behind the firewall, inaccessible from the outside world.
>It shifts the user experience from "Do I trust this website" to a level of
>personal service beyond what they expect. Basically, it increases the cost
>of the credit check by a trivial amount, in exchange the security is
>increased significantly, and the user experience is more personalized.

Good luck calling me at (555)555-5555. Only an idiot gives his
phone number to someone who thinks having a telemarketer call me
to get info that I could have put on a webform is a good idea.
This is the same mentality that brought us "call for price."

More likely, I would simply leave the site and find a vendor who
understands how to run an online business.

Providing personalized service is *not* "always a selling point."
I don't want to be bothered with a telemarketer, a door-to-door
salesman, or even a Fax. I want to buy something and have it
show up at my door and on my credit card bill. If you aren't
willing to provide that service, somebody else will.

Joseph Ashwood

Mar 26, 2008, 4:25:15 PM

"Guy Macon" <"http://www.guymacon.com/"@-.-> wrote in message
news:OIednX3bEKG...@giganews.com...
>
>
>
> Joseph Ashwood wrote:
> >[Some stuff that you can read elsewhere]

> Providing personalized service is *not* "always a selling point."
> I don't want to be bothered with a telemarketer, a door-to-door
> salesman, or even a Fax. I want to buy something and have it
> show up at my door and on my credit card bill. If you aren't
> willing to provide that service, somebody else will.

You're forgetting that this is a credit verification, not a purchase. For a
purchase I would've recommended outsourcing the entire collection process to
either Google or Paypal, both of which offer systems for exactly that
purpose that are quite good and for a small infrastructure would be the most
cost effective option.

In this case, though, I worked from the assumption that for a credit
verification there is always something of substantial value (minimum case -
used cars at a couple thousand dollars). I also assumed that because it is a
small shop collecting credit verification information, there will be
substantial human intervention anyway, in particular a human will be
required to close the large sale, so the added cost would be trivial.

If I'm wrong about the assumptions, then obviously that changes the results.
Joe

Einstein

Mar 28, 2008, 2:01:13 PM

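<?php
// crypt() picks the hashing scheme from the format of the salt argument.

// Standard DES: two-character salt
$password = crypt('mypassword', 'd4');
print $password . " is the CRYPT_STD_DES version of mypassword<br>";

// Extended DES: "_" + 4-character iteration count + 4-character salt.
// Without the leading underscore the salt is treated as standard DES.
$password = crypt('mypassword', '_k783d.y1');
print $password . " is the CRYPT_EXT_DES version of mypassword<br>";

// MD5: "$1$" + up to 8 salt characters + "$"
$password = crypt('mypassword', '$1$d4juhy6d$');
print $password . " is the CRYPT_MD5 version of mypassword<br>";

// Blowfish: "$2a$" + two-digit cost + "$" + 22 salt characters
$password = crypt('mypassword', '$2a$07$kiuhgfslerd...........$');
print $password . " is the CRYPT_BLOWFISH version of mypassword<br>";
?>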

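<?php
// Note: the mcrypt extension was deprecated in PHP 7.1 and removed
// from core in PHP 7.2.

// Designate string to be encrypted
$string = "Applied Cryptography, by Bruce Schneier, is a wonderful cryptography reference.";

// Encryption/decryption key. The passphrase is 31 bytes, which is not a
// valid Rijndael key size (16, 24 or 32) and is rejected by PHP 5.6 and
// later, so hash it down to a 32-byte binary key.
$key = hash('sha256', "Four score and twenty years ago", true);

// Encryption Algorithm
$cipher_alg = MCRYPT_RIJNDAEL_128;

// Create the initialization vector. Query the IV size for the mode that
// is actually used below (CBC) and draw it from the OS random source.
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg,
MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);

// Output original string
print "Original string: $string <p>";

// Encrypt $string
$encrypted_string = mcrypt_encrypt($cipher_alg, $key,
$string, MCRYPT_MODE_CBC, $iv);

// Convert to hexadecimal and output to browser
print "Encrypted string: ".bin2hex($encrypted_string)."<p>";

// Decrypt with the same key and IV; mcrypt pads the plaintext with NUL
// bytes up to a whole block, so strip them from the result.
$decrypted_string = rtrim(mcrypt_decrypt($cipher_alg, $key,
$encrypted_string, MCRYPT_MODE_CBC, $iv), "\0");

print "Decrypted string: $decrypted_string";

?>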
