Cryptography and SSL


Cryptography is the process of changing the format of data (i.e., encrypting it) so that it is more difficult to read. Some cryptography, such as PGP (Figure B.1), available for free for public use from http://www.pgp.com, uses public and private keys to encode and decode information. Other cryptographic systems, like the crypt() function built into PHP, will encrypt data but will not decrypt it. You can find out more about crypt() within the Strings section of the PHP manual.

Figure B.1. PGP is available in both free and commercial versions and allows you to send and receive encrypted data.


To have a better level of cryptography available to your sites, you will need to download the mcrypt library from http://mcrypt.hellug.gr/ and then configure PHP with mcrypt support during installation. Including this library allows you to use the mcrypt() functions, which can both encrypt and decrypt information. See the above URL and the mcrypt section of the PHP manual for more information.

Cryptography is just one part of a secure solution, as it can only be used once data has been received by the server. You may also need to take advantage of SSL connections in your Web sites. SSL, which stands for Secure Sockets Layer, is a method of securely transmitting information between a client (the Web browser) and the server. Using SSL connections (indicated by the https:// prefix in a URL) is a must for e-commerce applications. You can also specify that cookies are sent only over an SSL connection by setting the proper parameters when using the setcookie() function. Check with your ISP or server administrator to see if SSL connections are supported on the machine you are using.

Tip

Passwords used within your PHP application should always be encrypted. If the server you are using does not support mcrypt(), use crypt() to encrypt the password entered during the login, then check this against the stored encrypted password.
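The login check described in the Tip, as an added example that is not from the book: the stored value is passed back to crypt() as the salt, and the result is compared in constant time. The function names, the bcrypt salt format, and the sample password are assumptions chosen for illustration.

```php
<?php
// Added example; make_salt(), hash_password() and check_login() are hypothetical names.

// Build a bcrypt salt string for crypt(): "$2y$", a two-digit cost, then 22 salt characters.
function make_salt(int $cost = 10): string
{
    // 16 random bytes give 22 usable base64 characters; bcrypt uses '.' where base64 uses '+'.
    $raw = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $raw);
}

// One-way transform done when the account is created; only this result is stored.
function hash_password(string $password): string
{
    $hash = crypt($password, make_salt());
    // crypt() signals failure with a short string such as "*0", never a usable hash.
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

// Login check: run crypt() on the entered password, using the stored value as the salt
// so the same algorithm, cost and salt are reused, then compare the two results.
function check_login(string $entered, string $stored): bool
{
    $candidate = crypt($entered, $stored);
    // hash_equals() compares in constant time, so timing does not reveal how many
    // leading characters matched.
    return strlen($candidate) >= 13 && hash_equals($stored, $candidate);
}

// Constructed sample data: a stored hash and two login attempts.
$stored = hash_password('correct horse battery staple');
var_dump(check_login('correct horse battery staple', $stored));
var_dump(check_login('wrong guess', $stored));
```

On PHP 5.5 and later, password_hash() and password_verify() produce and check crypt()-compatible hashes and handle the salt for you.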




PHP for the World Wide Web (Visual QuickStart Guide)
ISBN: 0201727870
EAN: 2147483647
Year: 2001
Pages: 116
Authors: Larry Ullman
