dongtuo3795 2013-08-19 15:17
浏览 50
已采纳

跨语言可逆加密(PHP,Python)[关闭]

I have a PHP driven web form that I would like to be able to input a password, encrypt it, and load it into a database. Then, using Python, query that password, decrypt it, and then use it to authenticate to a Microsoft Exchange email server with SMTPLIB. The rest of the authentication information will be stored in plain text. My main goal is to not store the password in plain text.

The only reason I am trying to use both languages is that the rest of the 'work' for my program is done in Python. I only use PHP for a simple interface. It is only for consistency.

Is there a simple to use, cross language reversible encryption library that can be used for this?

Would I be better off making my email script in PHP? If this is the case what library would be recommended for this task?

  • 写回答

2条回答 默认 最新

  • dszm02606009 2013-08-19 15:52
    关注

    If you need to read the password back, do encryption at the Database layer rather than the application layer - just ensure that you're connecting to the database either locally or over SSL.

    To store the password the steps would be something like:

    • Computer >>
    • HTTPS >>
    • Web server (PHP form) >>
    • (HTTPS if on a different server >>)
    • database (AES Encryption)

    Depending on the database you're using the syntax will probably change, but with MySQL you can do something like:

    INSERT INTO `table` (`password`) 
    VALUES (AES_ENCRYPT('{$sPassword}', '{$sEncryptionKey}'))
    

    Since PHP is writing this to the database you can use a PDO prepared statement to get the data in there...

    To retrieve the password with your Python script you'll simply need to run a SELECT statement on the SQL server with something like (assuming the data is in an AES encrypted BLOB) this:

    SELECT CONVERT(AES_DECRYPT(`table`.`password`, '{$sEncryptionKey}') USING 'utf8')
    AS `password`
    

    This way the only common data you need between PHP and Python is the encryption key (which is just a string). As long as you maintain an SSL connection whenever you're passing this data across the Internet, you should be OK.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥30 用arduino开发esp32控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题