To store sensitive information the application needs to use, you need two-way functions that use a secret key to encrypt and decrypt the data. We discuss encryption briefly later, in Section 9.5. One significant problem when using a key to encrypt and decrypt data is the need to securely manage the key.
PHP provides a set of functions that access the
mcrypt library, which provides encryption and decryption support using a variety of encryption standards. To use
mcrypt functions, you must install the
libmcrypt library and then compile PHP with the
MySQL also has the reversible
encode( ) and
decode( ) functions described in Chapter 3.
Web Database Applications and Authentication
So far in this chapter we have presented techniques that control access to resources-in particular, PHP scripts-based around HTTP authentication. The simplest technique discussed so far is to configure Apache to perform the authentication and authorization. For greater flexibility, we have described how PHP can manage the authentication process, allowing scripts to apply whatever logic is required to meet the authorization needs.
In this section we discuss issues of building web database applications:
Examining why HTTP authentication works well with stateless applications
Showing how a stateful application might manage HTTP authentication and the issues that are faced when building session-based web database applications
Discussing some reasons why HTTP authentication may not be suitable for all applications
Developing an authentication framework that can be used in a web database application illustrating the techniques presented in this section and earlier in this chapter