Kamis, 14 Agustus 2014

Bristol Digest, Vol 563, Issue 2

Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk

You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."


Today's Topics:

1. Re: PHP5 MCrypt Postgres encoding (Martin Moore)


----------------------------------------------------------------------

Message: 1
Date: Wed, 13 Aug 2014 15:25:46 +0100
From: "Martin Moore" <martinm@it-helps.co.uk>
To: "'Bristol and Bath Linux User Group'" <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] PHP5 MCrypt Postgres encoding
Message-ID:
<!&!AAAAAAAAAAAYAAAAAAAAAFLxZtQqo65Oo+1jhlUB9DvCgAAAEAAAAIHwbR86we1Bh3xLjW2hGtQBAAAAAA==@it-helps.co.uk>

Content-Type: text/plain; charset="us-ascii"

That's much happier, thanks.

However, I've spotted that the encryption gives different output each time
it's run, presumably due to using a new initialization vector each time.

$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), MCRYPT_RAND);

If I run encrypt/decrypt without this param, I get the warning:

Warning: mcrypt_encrypt(): Attempt to use an empty IV, which is NOT
recommend in /var/www/html/vidarc/checklogin.php on line 28 Warning:
mcrypt_decrypt(): Attempt to use an empty IV, which is NOT recommend in
/var/www/html/vidarc/checklogin.php on line 31


I can live with this if needed, but what's the solution to have a consistent
but secure encrypt/decrypt routine?


Cheers.


-----Original Message-----
From: bristol-bounces@mailman.lug.org.uk
[mailto:bristol-bounces@mailman.lug.org.uk] On Behalf Of David Fear
Sent: 12 August 2014 15:54
To: martinm@it-helps.co.uk; Bristol and Bath Linux User Group
Subject: Re: [bristol] PHP5 MCrypt Postgres encoding

On 12/08/14 15:00, Martin Moore wrote:
> I'm trying to store an MCrypted string in a Postgres text field, but
> I'm having encoding issues.
>
> I had stored the encrypted string OK via PGAdmin but a query to check
> it from PHP failed with an 'invalid for UFT-8' type error.
>
> I've recreated the DB
>
>
> CREATE DATABASE vidarc
> WITH OWNER = postgres
> ENCODING = 'LATIN1'
> TABLESPACE = pg_default
> LC_COLLATE = 'en_GB'
> LC_CTYPE = 'en_GB'
> CONNECTION LIMIT = -1;
>
>
> and now can't insert the string via PGAdmin :
>
> ERROR: character 0xe2809e of encoding "UTF8" has no equivalent in "LATIN1"
> SQL state: 22P05
>
>
> I always struggle with Postgres encoding, how do I get round this
> (happy to consider other reversible encryption methods if it helps!)
>
>
>
> Martin.
>
>
>
> _______________________________________________
> Bristol mailing list
> Bristol@mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/bristol
>
Hi

Read this:
http://stackoverflow.com/questions/11519294/encrypt-data-in-postgres-with-ph
p

and:
http://stackoverflow.com/questions/15196151/preparing-storing-retrieving-enc
rypted-data-in-postgresql


The basic answer is:

from:
http://php.net/manual/en/function.pg-escape-bytea.php


===============================================
Example #1 pg_escape_bytea() example

<?php
// Connect to the database
$dbconn = pg_connect('dbname=foo');

// Read in a binary file
$data = file_get_contents('image1.jpg');

// Escape the binary data
$escaped = pg_escape_bytea($data);

// Insert it into the database
pg_query("INSERT INTO gallery (name, data) VALUES ('Pine trees',
'{$escaped}')"); ?> ===============================================

I would create the database with UTF-8 encoding and make the field type
BYTEA.

PROCESS:

To store in the Postgress RDBMS:
1) MCrypt the data using mcrypt_generic()
2) Use pg_escape_bytea() to escape the MCrypted data
3) insert into the data base.

To retrieve, do the reverse of the above.



Regards

-----------------------------------
Dave Fear :: david@dfear.co.uk

Order your free giffgaff SIM card through my page and get 5 pounds free
credit http://t.co/z1KJF5y

_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4716 / Virus Database: 3986/7997 - Release Date: 08/07/14




------------------------------

_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol

End of Bristol Digest, Vol 563, Issue 2
***************************************
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)