Would u teach me how to setup the OpenSSL and the engine for the apache web server in order to achieve the 128 bits SSL protection? Actually, I have tried so many times but still failed to do so... First of all, there were errors occurred when I compiled the Openssl engine, It seemed looking for a wrong file paths itself, however, I don't know how to correct it... Would u like to help me please? thx a lot "Bahwi" <[EMAIL PROTECTED]> ¼¶¼g©ó¶l¥ó·s»D :[EMAIL PROTECTED] > That's a big question. > > The most secure way, using either mcrypt or PGP, is to have an > application on the client's side that does the encryption and the > decryptiong. This is probably the best solution. Heavily encrypt things > on both sides, and this assumes the client side is secure. > > Barring this, you're going to have holes no matter what. Especially with > man in the middle attacks (MITM). > > Use SSL, 128-bit SSL. This will help the most. > > The next best thing is to store it in session variables, but build your > own system perhaps, and yes, encrypt it lightly with some system and a > system passphrase. Clean up the sessions as soon as possible. And store > a bunch of other data in there. Perhaps store the passphrase as the > variable 'Height' or 'Bytes' or something, and store 'Password' > 'Passphrase' with dummy data. Not too much, you want to throw the person > off as much as possible. > > Then, you need to obfuscate or preferably, encode your script so know > one can figure out your scheme. Hope this helps some. > > --Joseph Guhlin > http://www.josephguhlin.com/ > Web Programmer / Unix Consultant / PHP Programmer > > >
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
