That's a big question.
The most secure way, using either mcrypt or PGP, is to have an
application on the client's side that does the encryption and the
decryption. This is probably the best solution. Heavily encrypt things
on both sides, and this assumes the client side is secure.
Barring this, you're going to have holes no matter what. Especially with
man-in-the-middle attacks (MITM).
Use SSL, 128-bit SSL. This will help the most.
The next best thing is to store it in session variables, but build your
own system perhaps, and yes, encrypt it lightly with some system and a
system passphrase. Clean up the sessions as soon as possible. And store
a bunch of other data in there. Perhaps store the passphrase as the
variable 'Height' or 'Bytes' or something, and store 'Password'
'Passphrase' with dummy data. Not too much, you want to throw the person
off as much as possible.
Then, you need to obfuscate or, preferably, encode your script so no
one can figure out your scheme. Hope this helps some.
--Joseph Guhlin
http://www.josephguhlin.com/
Web Programmer / Unix Consultant / PHP Programmer
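
The session-storage step described in the message above, as an added example that is not part of the original post: a secret is sealed with AES-256-GCM under a key derived from a server-side passphrase before it goes into the session, and is removed once used. It uses PHP's OpenSSL extension rather than mcrypt; the function names, the passphrase constant and the sample secret are constructed for illustration.

```php
<?php
// Added example, not from the original post. SESSION_KEY_PASSPHRASE is a
// constructed placeholder; load the real one from config outside the web root.
const SESSION_KEY_PASSPHRASE = 'constructed-example-passphrase';

// Derive a 256-bit key from the system passphrase with a per-value salt.
function derive_key(string $passphrase, string $salt): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, 100000, 32, true);
}

// Encrypt with AES-256-GCM; returns base64(salt | nonce | tag | ciphertext).
function seal_for_session(string $secret, string $passphrase): string
{
    $salt  = random_bytes(16);
    $nonce = random_bytes(12);
    $tag   = '';
    $ct = openssl_encrypt($secret, 'aes-256-gcm', derive_key($passphrase, $salt),
                          OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($salt . $nonce . $tag . $ct);
}

// Decrypt; returns null if the blob is malformed or fails authentication.
function open_from_session(string $blob, string $passphrase): ?string
{
    $raw = base64_decode($blob, true);
    // 16 salt + 12 nonce + 16 tag + at least one ciphertext byte
    if ($raw === false || strlen($raw) < 45) {
        return null;
    }
    $salt  = substr($raw, 0, 16);
    $nonce = substr($raw, 16, 12);
    $tag   = substr($raw, 28, 16);
    $ct    = substr($raw, 44);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', derive_key($passphrase, $salt),
                          OPENSSL_RAW_DATA, $nonce, $tag);
    return $pt === false ? null : $pt;
}

// Usage with a constructed secret; the array stands in for $_SESSION.
$session = [];
$session['secret'] = seal_for_session('constructed user secret', SESSION_KEY_PASSPHRASE);
$plain = open_from_session($session['secret'], SESSION_KEY_PASSPHRASE);
var_dump($plain === 'constructed user secret');
unset($session['secret']);   // clean up as soon as the value is no longer needed
```

Because GCM authenticates the ciphertext, a modified session value decrypts to `null` instead of to attacker-influenced plaintext.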