http encryption tunneling ::
Application security and data hygiene can be significantly enhanced with the basic and consistent utilization of the CRNRSTN Suite v2.0.0 and its encryption tunneling protocols (remembering that the result is only as strong as the weakest link). Sending data safely server to server (e.g. SOAP) and between server and client can be achieved with minimal effort and maximum data integrity by applying this functionality strategically across all data touch points within your application(s). I have some apps where all data contained within hidden form fields is encrypted. When I have foreign keys appended to a link that will go directly into the hidden fields of a form...and then directly into my database!!...I will NOT spend additional server resources to confirm their accuracy before the MySQL INSERT by racking up extra, peripheral MySQL database hits. If the data in the link is corrupted, paramTunnelDecrypt() will throw an exception that can be handled gracefully before the face of the end user (who could be my boss), and the database will only ever receive bona fide clean data.
Note ::
There are many encryption algorithms available, and which ones are present can even vary from one version (or configuration) of PHP to another; they also differ in the processing resources (memory) they need in order to execute. Before globally applying a layer of encryption to a high-traffic application, it is recommended that some baseline performance metrics be established and that at least some load testing be performed to ensure that the chosen encrypt/decrypt algorithm will not cause debilitating spikes (e.g. significant site response lag or a crash) in the resource requirements of the overall application.
Example 1 ::
Send data to the hidden fields of a form, or append variables to a link, after 1) passing the raw data through paramTunnelEncrypt() and 2) receiving in return a unique, encrypted string that can be used in the form or link, carried to the point of insertion, and decrypted there before, for example, a MySQL database INSERT. Be creative to save time and effort: you can even join several sensitive parameters together (delimited by pipe, comma, ampersand, etc.), encrypt the entire string, and send it to where you need it before decryption and further processing to conclusion. For just one second, imagine ALL links in your site...apparently...having only one (1) variable (the name of which never changes) at the end. ;) Please note, objects and arrays are two data structures that CANNOT BE ENCRYPTED (but...who puts an object in a hidden text input field of a form anyway, right?).
<?php
/*
// J5
// Code is Poetry */
require('_crnrstn.root.inc.php');
include_once($CRNRSTN_ROOT . '/_crnrstn.config.inc.php');
//
// HERE IS SOME DATA THAT IS TO BE INJECTED INTO A COUPLE OF
// HIDDEN FIELDS IN A FORM (POST) OR APPENDED TO A LINK ON THE
// RETURNED PAGE (GET), AND WHICH *WE DO NOT WANT TO GO ACROSS
// AS CLEAR TEXT*.
$six_figure_bank_account_number = '1234567890';
$personal_preference = 'pink panties';
//
// PLEASE NOTE, THE TUNNEL ENCRYPT KEY IS TO BE MANAGED GLOBALLY
// IN THE CRNRSTN CONFIG FILE FOR THE ENTIRE APPLICATION BUT CAN
// ALSO BE OVERRIDDEN LOCALLY AT FUNCTION CALL ACCORDING TO THE
// NEED OF THE APPLICATION.
$accnt_num_ENCRYPTED = $oCRNRSTN_USR->paramTunnelEncrypt($six_figure_bank_account_number,'encrypt_key_local_override');
$personal_pref_ENCRYPTED = $oCRNRSTN_USR->paramTunnelEncrypt($personal_preference);
//
// DON'T WORRY, YOUR INFORMATION IS UNREADABLE. ALSO, ANY
// CHANGE TO THE FOLLOWING OUTPUT STRINGS WILL CAUSE THE
// DECRYPTION ALGORITHM AT THE RECEIVING SERVER (ALSO
// RUNNING ON TOP OF CRNRSTN :: ;) ) TO THROW AN EXCEPTION.
echo $accnt_num_ENCRYPTED;
echo '<br>= = =<br>';
echo $personal_pref_ENCRYPTED;
?>
Example 1 Output ::
= = =
SUdWs68h5nOmXDd%2FVyF0IMSWiwJKBMb5P0OQYDdP92ERZ4N6Z7gsgL8pASFttQd5iUFUO2jFe375hk5O
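As an added example that is not CRNRSTN's own code, the following shows the round trip Example 1 describes (several pipe-delimited parameters encrypted into one link token, decrypted at the point of insertion, with any corruption of the link surfacing as an exception rather than reaching the database) using PHP's libsodium secretbox. The ParamTunnel class, the key and the parameter values are constructed for illustration and say nothing about how paramTunnelEncrypt() is implemented internally.

```php
<?php
// Added illustration, not CRNRSTN code: a tamper-evident parameter tunnel in the
// spirit of paramTunnelEncrypt()/paramTunnelDecrypt(), built on PHP's libsodium
// secretbox (assumed available; PHP 8 syntax). The key below is a constructed sample.
final class ParamTunnel
{
    public function __construct(private string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('tunnel key must be 32 bytes');
        }
    }
    // Encrypt and return a form/link-safe token: base64url(nonce || ciphertext).
    public function encrypt(string $plaintext): string
    {
        $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $cipher = sodium_crypto_secretbox($plaintext, $nonce, $this->key);
        return sodium_bin2base64($nonce . $cipher, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    }

    // Any change to the token (one character edited in the link, a truncated
    // hidden field) fails decoding or the authentication tag check and throws.
    public function decrypt(string $token): string
    {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING); // SodiumException on bad chars
        if (strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            throw new RuntimeException('tunnel token is too short');
        }
        $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $this->key);
        if ($plain === false) {
            throw new RuntimeException('tunnel token failed integrity check');
        }
        return $plain;
    }
}

// Sending side: several parameters joined by a pipe become one token in a link.
$tunnel = new ParamTunnel(str_repeat("\x42", 32));   // constructed sample key; load a real one from config
$token  = $tunnel->encrypt(implode('|', ['1234567890', 'order_id=77']));
$link   = '/checkout.php?t=' . $token;

// Receiving side: decrypt, split, and only then go near the database.
try {
    [$account, $order] = explode('|', $tunnel->decrypt($token), 2);
    // ... prepared-statement INSERT using $account and $order goes here ...
} catch (Exception $e) {
    echo 'The link you followed is not valid.';   // corrupted or tampered: nothing is written
}
```

Because the token carries a random nonce, the same plaintext produces a different string on every call, so nothing about repeated links reveals that two of them carry the same parameters.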