Bill-
Nicely done. For security though, I wouldn't store the encryption keys
in either the LC stack or (especially) the php script.
In the php script you can set the environment variable on the server and
then access it as
$encryption_key = .$_ENV["ENCRYPTION_KEY"]
Same thing, obviously, for the initialization vector.
On the LC end of things, it depends on whether you're distributing the
stack as a standalone application or whether you have control over the
environment the stack is running in. If you're in control of the
environment then you can do something similar: set environment variables
and then pick them up in the LC script. If you're distributing the stack
to others, then I'd probably obfuscate the keys as much as possible: put
them into an array with numeric keys, encrypt the array, store it in a
custom property of some non-related object... if you need to distribute
a stack without password protection I don't think there's any way to be
completely secure, but there are ways to at least pretend to hide the keys.
[semi-related isue]
be careful with lines like
$post = file_get_contents('php://input');
Your test code should be fine, but if you're interacting with a database
you'll want to scrub the input before acting on it.
--
Mark Wieder
ahsoftw...@gmail.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
