Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
2
Hi guys,
I want create a web site for banking.
i need a solution for inserting data in database, i want encrypt username and emails address, becuse
hackers when hack or admin server can't see my records (users and emails of members)
i want create a algorithm for this,
In your opinion, this is a good way?
please give me your solutions
thank you so much
5 replies to this topic
Back to top|
|
|
#2
Posted 20 October 2011 - 09:13 AM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
- Location:Upstate, South Carolina
- Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
- Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others
As a general rule of thumb: if they have access to your database, they likely have access to your PHP, and can decrypt the data. The PHP has to exist in the DMZ, the database should be behind a firewall. Therefor, if they can access your database you have BIG problems.
#3
Posted 20 October 2011 - 09:43 AM
Vaielab
-
- Members
-
- 547 posts
Programming God
Banking website are not simply created.
They have to be watched 24hours a day. Each bank (at least the one I work with) have team of programmer/security network/other geek guy working all day long to ensure the data is safe.
Since you are responsable for the money, if the money get stolen, you are responsable to refund the money to the people.
Plus, if you are talking about admin server can't see your record, you must be on a shared server. And this is really a big risk.
If you have a bug in your code, or if someone else on the server have some sort of bug, a hacker could take your data. So even if you are fully protected (and this is impossible) you are still at risk.
They have to be watched 24hours a day. Each bank (at least the one I work with) have team of programmer/security network/other geek guy working all day long to ensure the data is safe.
Since you are responsable for the money, if the money get stolen, you are responsable to refund the money to the people.
Plus, if you are talking about admin server can't see your record, you must be on a shared server. And this is really a big risk.
If you have a bug in your code, or if someone else on the server have some sort of bug, a hacker could take your data. So even if you are fully protected (and this is impossible) you are still at risk.
#4
Posted 20 October 2011 - 12:17 PM
lol33d
-
- Members
-
- 149 posts
Programmer
Thank you Guys,
The banking system is example, My System is on the localhost and the database is on the server.
(Connect of localhost to server database. and admin server cant access to my algorithm)
and server admin only can access the database.
what do you recommend about that?
give me solution please.
The banking system is example, My System is on the localhost and the database is on the server.
(Connect of localhost to server database. and admin server cant access to my algorithm)
and server admin only can access the database.
what do you recommend about that?
give me solution please.
#5
Posted 20 October 2011 - 01:07 PM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
- Location:Upstate, South Carolina
- Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
- Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others
You're still going to be dealing with the server admin having access to the PHP when you go live.
This sounds like there's something going on that you aren't telling us. WHY do you want the email addresses encrypted? Of all the things to consider secure data, that's not high on my list.
This sounds like there's something going on that you aren't telling us. WHY do you want the email addresses encrypted? Of all the things to consider secure data, that's not high on my list.
#6
Posted 20 October 2011 - 02:30 PM
Vaielab
-
- Members
-
- 547 posts
Programming God
You could try to obfuscate your php code, but this will only make it hard to see the code, not impossible.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
