ansaurus

Question

Encrypt array as string

Answer 1

A:

If security doesn't matter use JSON to encode the array and then rot13 the string ;-)

lothar 2009-05-07 22:38:21

If security doesn't matter, why bother with encryption?

TwentyMiles 2009-05-07 22:49:22

@TwentyMiles because the question initially mentioned that :-)

lothar 2009-05-07 22:57:12

It's not a big concern because I'm taking other security measures too which should be pretty darn hard to get around as is. Plus, I'm not storing any confidential information on my website anyway... in fact, I'm not storing much more than a user_id.

Mark 2009-05-07 23:11:18

Answer 2

A:

Try XOR-ing all of the elements in the array store the resulting char in the string -- the the same in reverse to decrypt.

Nate Bross 2009-05-07 22:39:18

Answer 3

A:

if it doesn't need to be secure, plain base64 or rot13 might be worth looking at.

Fredrik 2009-05-07 22:39:45

Answer 4

+1 A:

I'd just implode then encrypt using Blowfish or (for so-so security) DES or something...

David Zaslavsky 2009-05-07 22:40:17

Implode the array? Explanation or link? thx...

JPhi1618 2009-05-07 22:44:02

@JPhi1618 http://ca3.php.net/manual/en/function.implode.php

Mark 2009-05-07 22:48:26

$str = implode('abc', array('1','2','3')); // $str => "1abc2abc3"

2009-05-07 22:51:30

Thanks... didn't even think it was an actual function name or I would have searched for it! Figured it was some complex scheme I hadn't heard of...

JPhi1618 2009-05-07 22:57:11

Imploding is a really bad idea. If any element of the array contains the same "glue" you're using to implode, you'll have problems when you try to explode the string back into an array.

Seb 2009-05-07 23:05:59

that's what I was worried about Seb.. which is why I was trying to use some stupid character like "\x1F".

Mark 2009-05-07 23:09:33

Try serialize(), that's what I use all the time; it works great ;)

Seb 2009-05-07 23:49:22

Answer 5

+6 A:

serialize() will get your information from an array to a string - and you could pass it through base64_encode() if you just want obfuscation - but not security.

If you want some security - look into mcrypt and blowfish: blowfish example

gnarf 2009-05-07 22:44:32

didn't know about serialize(), thanks!

Mark 2009-05-07 22:59:06

Answer 6

+3 A:

Use serialize() to convert the array to a string and unserialize() to turn it back into an array. It's far superior to implode and manual parsing. For simple obfuscation (which any programmer can see through) you can use simple base64 encoding, but you should really look into the mcrypt library to provide some real security.

The best thing would probably be to not store the array in a cookie at all. Store the array in a session variable instead so that all the user ever sees is a session ID. Of course this only works if you need the array just for the duration of the session.

You say in your comment that this is for a "remember me" cookie, so this is about authentication. In that case, don't store anything sensitive in the array. Just store a salted hash instead and use that. For example, your cookie could contain the username and a salted hash of (database password hash + ip address range). When the user comes on the site, read the cookie and construct the hash from the information in your database. If it matches the hash in the cookie, log him in automatically. If not, delete the cookie and pretend it never existed.

This way no sensitive data is stored in the cookie and you don't need to encrypt it.

Sander Marechal 2009-05-07 22:53:13

which is not the case :) I'm using it for a 'remember me' cookie.

Mark 2009-05-07 23:08:05

Answer 7

+1 A:

Based on gnarf's answer, this should do the trick:

function encode_arr($data) {
 return base64_encode(serialize($data));
}

function decode_arr($data) {
 return unserialize(base64_decode($data));
}

Just in case anyone else wants a copy-and-paste solution.

Mark 2009-05-07 23:14:35

ansaurus

tags:

views:

answers:

Encrypt array as string

related questions