| 6 |
1. For making your users passwords viewable by admins. |
1. For making your users passwords viewable by admins. |
| 7 |
2. As a very simple general purpose AES encryption system to use in other modules. |
2. As a very simple general purpose AES encryption system to use in other modules. |
| 8 |
|
|
| 9 |
|
REQUIREMENTS |
| 10 |
|
---------------------- |
| 11 |
|
This module requires that PHP has the mcrypt extension installed. If you're on a shared host, this may not be the case and unfortunately your only option then is to mail their support and ask for it. |
| 12 |
|
As far as I can tell, this module also requires a PHP version of at least 4.3.0. However this module has NOT been tested on anything less |
| 13 |
|
than PHP 5.2. |
| 14 |
|
|
| 15 |
|
Also note that although this module SHOULD work on Windows and with a MySQL database, it has only been tested on Linux with a PostgreSQL |
| 16 |
|
database. |
| 17 |
|
|
| 18 |
ABOUT KEY STORAGE METHODS |
ABOUT KEY STORAGE METHODS |
| 19 |
---------------------- |
---------------------- |
| 20 |
Something you should pay attention to (if you want any sort of security) is how you store your encryption key. You have the option of storing it in the database as a normal Drupal variable, this is also the default, but it's the default only because there is no good standard location to store it. Switching to a file-based storage is strongly encouraged since storing the key in the same database as your encrypted strings will sort of nullify the point of them being encrypted in the first place. Also make sure to set the permission on the keyfile to be as restrictive as possible, assuming you're on a unix-like system running apache, I recommend setting the ownership of the file to apache with the owner being the only one allowed to read and write to it (0600). Naturally this isn't ideal either, but I haven't been able to figure out a more secure way for now. If you got any ideas, please let me know. |
Something you should pay attention to (if you want any sort of security) is how you store your encryption key. You have the option of storing it in the database as a normal Drupal variable, this is also the default, but it's the default only because there is no good standard location to store it. Switching to a file-based storage is strongly encouraged since storing the key in the same database as your encrypted strings will sort of nullify the point of them being encrypted in the first place. Also make sure to set the permission on the keyfile to be as restrictive as possible, assuming you're on a unix-like system running apache, I recommend setting the ownership of the file to apache with the owner being the only one allowed to read and write to it (0600). Naturally this isn't ideal either, but I haven't been able to figure out a more secure way for now. If you got any ideas, please let me know. |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch