
OpenSSL or is there something else?

Posted: Mon Jul 09, 2007 2:16 pm
by mattkenefick
I need to securely post and transfer data on my site.


An external script from Domain1.com posts data to my site, Domain2.com. I need to securely echo out "blah=mySecretString".
When I look at it all with a network analyzer like Ethereal, I can see the blah=mySecretString in plain text. Is there any way to make it encrypted over the network, but still display as plain text?

Posted: Mon Jul 09, 2007 3:05 pm
by feyd
Is there a reason it needs to continue to be plain text?

Typically you can add an authenticity hash using an HMAC-styled (or even padded/salted) variant. This can allow you to keep the data plain text, too.

Posted: Mon Jul 09, 2007 3:35 pm
by Mordred
Plaintext is almost the exact opposite of secret. A good symmetric encryption with a shared (between the two scripts) key should do your job (beware the admins/owners of the two servers though). SSL can do the job of secure transport, but it only works one-way (domain1 is certain that it talks to domain2, but not vice versa). How do you stop a rogue domain3 from posting the same data to domain2?
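
An added example, not part of the thread: a sketch of the HMAC approach feyd mentions, with a timestamp and nonce so that a sender without the shared key (Mordred's "domain3") or a replayed capture is rejected. The key, field names and 300-second window are assumptions; the body still crosses the network readable, so hiding it needs TLS or encryption on top.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key; both scripts would load the same random secret from config.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 300  # assumed tolerance, in seconds, between sender and receiver clocks


def _mac(key, ts, nonce, body):
    # JSON-encode the fields so their boundaries cannot be shifted by an attacker.
    msg = json.dumps([ts, nonce, body]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(key, body, now=None):
    """Sender (Domain1): build the fields to POST; the body stays plain text."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return {"body": body, "ts": ts, "nonce": nonce, "mac": _mac(key, ts, nonce, body)}


class Receiver:
    """Receiver (Domain2): accept a post only if MAC, age and nonce all check out."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> time it was accepted

    def verify(self, fields, now=None):
        now = time.time() if now is None else now
        try:
            ts, nonce, body, mac = (fields[k] for k in ("ts", "nonce", "body", "mac"))
            age = abs(now - int(ts))
            expected = _mac(self.key, ts, nonce, body)
            # Constant-time comparison avoids leaking how many characters matched.
            ok = hmac.compare_digest(expected.encode(), mac.encode())
        except (KeyError, ValueError, TypeError, AttributeError):
            return False  # missing or malformed field
        if not ok or age > MAX_AGE:
            return False  # wrong key, altered field, or stale message
        # A message can stay valid for up to 2 * MAX_AGE after arrival (clock skew).
        self.seen = {n: t for n, t in self.seen.items() if now - t <= 2 * MAX_AGE}
        if nonce in self.seen:
            return False  # replay of a captured request
        self.seen[nonce] = now
        return True
```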