how to encrypt/encode sensitive php configuration data

gte604j

I am trying to find a way of encoding or encrypting sensitive data like db connection information and encryption keys.

I have a client that requires 3des for a lot of stuff but they want the key i use hidden in some way along with the db connection info hidden.

jake

dannys

A 1 way hash such as md5 is most secure, but only useful if you're comparing data with the original data (i.e user types in password - you md5($password) and compare it with the md5 hash in the database - if it matches the password's Ok.

MySQL's PASSWORD() works in the same way.

If you want to be able to decrypt the data again, you can use MySQL's ENCRYPT()/DECRYPT() functions or use mcrypt - which supports lots of ciphers (http://php.net/mcrypt)