dongtuo3795 2013-08-19 15:17
浏览 50
已采纳

跨语言可逆加密(PHP,Python)[关闭]

I have a PHP driven web form that I would like to be able to input a password, encrypt it, and load it into a database. Then, using Python, query that password, decrypt it, and then use it to authenticate to a Microsoft Exchange email server with SMTPLIB. The rest of the authentication information will be stored in plain text. My main goal is to not store the password in plain text.

The only reason I am trying to use both languages is that the rest of the 'work' for my program is done in Python. I only use PHP for a simple interface. It is only for consistency.

Is there a simple to use, cross language reversible encryption library that can be used for this?

Would I be better off making my email script in PHP? If this is the case what library would be recommended for this task?

  • 写回答

2条回答 默认 最新

  • dszm02606009 2013-08-19 15:52
    关注

    If you need to read the password back, do encryption at the Database layer rather than the application layer - just ensure that you're connecting to the database either locally or over SSL.

    To store the password the steps would be something like:

    • Computer >>
    • HTTPS >>
    • Web server (PHP form) >>
    • (HTTPS if on a different server >>)
    • database (AES Encryption)

    Depending on the database you're using the syntax will probably change, but with MySQL you can do something like:

    INSERT INTO `table` (`password`) 
VALUES (AES_ENCRYPT('{$sPassword}', '{$sEncryptionKey}'))

    Since PHP is writing this to the database you can use a PDO prepared statement to get the data in there...

    To retrieve the password with your Python script you'll simply need to run a SELECT statement on the SQL server with something like (assuming the data is in an AES encrypted BLOB) this:

    SELECT CONVERT(AES_DECRYPT(`table`.`password`, '{$sEncryptionKey}') USING 'utf8')
AS `password`

    This way the only common data you need between PHP and Python is the encryption key (which is just a string). As long as you maintain an SSL connection whenever you're passing this data across the Internet, you should be OK.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊
  • ¥15 安装svn网络有问题怎么办
  • ¥15 Python爬取指定微博话题下的内容,保存为txt
  • ¥15 vue2登录调用后端接口如何实现
  • ¥65 永磁型步进电机PID算法
  • ¥15 sqlite 附加(attach database)加密数据库时,返回26是什么原因呢?
  • ¥88 找成都本地经验丰富懂小程序开发的技术大咖
  • ¥15 如何处理复杂数据表格的除法运算
  • ¥15 如何用stc8h1k08的片子做485数据透传的功能?(关键词-串口)