Wednesday, February 09, 2011

Changes to Program

I made two big changes to my email address encryption program.

The first is that I split the password in half. The first half of the password is in the PHP file and second half in the MySQL program. I also added an addNew directive. That way I could search for email addresses without creating a new address:

CREATE FUNCTION getEmailId(str VARCHAR(255), ipwd CHAR(4), addNew CHAR(1))

The line that does the encryption is now:

SET encrypted = AES_Encrypt(Lower(str),Concat(ipwd,'word'));

So I call the function with "SELECT getEmailId('','pass')". The villain would have to hack both my PHP program and my SQL Database to figure out that the pass word is "password"!

If I wanted even better security. I could double encrypt the password. Splitting the security token between the PHP code and a MYSQL procedure adds a layer of obfuscation.

BTW, I could have chosen to double encrypt the password, but Concat is faster.

No comments: