I have a project where I need to log logins (time of day, user that is logged in, etc) in such a way that I can't add new records, change existing records, etc. Then, someone else (the auditor) has to be able to view the records and validate that they are correct.
So far I've come up with this: I create an encoded signature of the data incorporating an additional "secret code" that is hard-coded into the php file by the auditor. This encoded signature field is added to the database along with the rest of the login data. The PHP script that does all the logging is then encoded by Zend encoder (or equivalent) by the auditor and given to me so that I can't get at the secret code. In this way, I cannot add or change records because I cannot create the corresponding encoded signature without the code. The auditor can validate the data by putting the secrect code together with the data and comparing the resulting signature with the signature attached to the record.
This method works, but there are problems. For example, I can't change any of the surrounding code without having the auditor re-enter the secret code and encode the script.
Can people please direct me to any other ways of doing this, signature algorithms that might work better than the 128-bit md5, and any other advice you might give me?
Many Thanks
