Hudzilla.org - the homepage of Paul Hudson

17.3 Protecting your data

This is NOT the latest copy of this book; click here for the latest version.

The Internet is the most unsafe computing environment in existence, and there are simply hundreds of thousands of people out there who would happily take control of your server through underhanded means if they could.

Practising the art of encryption, both for data you store locally and for data you send to and from your clients and other data consumers, is not only recommended, but it is a staple requirement for anything done in conjunction with the Internet. The easiest way to protect your data is to hash it, but to get true protection you need full-blown encryption.

Hashing is the process of taking information and transforming it into a fixed-length value that is a checksum of the information. For example, the hash sum of a file is often used with downloads - if you download a file from the web and it matches the hash sum the site reports, then you know you have got a complete download of the file.

Back on page 23 we covered the Secure Hash Algorithm SHA1, which generates hash values from any information you pass to it - this is a great algorithm to use when you are storing passwords or other sensitive information on your server. If you store any information that is sensitive and someone hacks into your system, the information will be freely available to them - not so if you hash it.

The downside to hashing is that you cannot get the original data back - the only way to find out what was originally entered is to try out all possibilities of information. Naturally, there is an infinite number of combinations - hopefully you can see why hashing is so secure!

One big advantage to hashing data is that the hash is always a predictable size - each hash will create a certain number of characters no matter how much data you pass in. This is perfect for use in fixed-length database fields. However, if you want to be able to restore your original information at will, you need to use encryption.
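The password-storage use described above, as an added example that is not from the book: a login check that compares hashes instead of recovering the password, and that replaces an unsalted 40-character SHA1 digest with a salted one from PHP's built-in password_hash() once the user logs in, because identical passwords otherwise produce identical digests. The $users array, the user names and the passwords are constructed, and the function names isLegacySha1 and checkLogin are hypothetical.

```php
<?php
// Added example, not from the book. User names and passwords are constructed samples.
// $users stands in for a database table with a fixed-length hash column.
$users = [
    'alice' => sha1('correct horse'),                     // stored as the text describes: 40 hex chars
    'bob'   => password_hash('hunter2', PASSWORD_BCRYPT), // salted bcrypt string: 60 chars
];

// A bare SHA1 digest is exactly 40 hexadecimal characters.
function isLegacySha1(string $stored): bool
{
    return strlen($stored) === 40 && ctype_xdigit($stored);
}

// Verify a login by hashing the submitted password; the original is never recovered.
function checkLogin(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    if (isLegacySha1($stored)) {
        // Hash the submitted value and compare the digests in constant time.
        if (!hash_equals($stored, sha1($password))) {
            return false;
        }
        // Correct password: replace the unsalted digest with a salted one.
        $users[$name] = password_hash($password, PASSWORD_BCRYPT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if the stored string was made with older algorithm settings.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT);
    }
    return true;
}

$attempts = [['alice', 'wrong'], ['alice', 'correct horse'], ['bob', 'hunter2'], ['carol', 'x']];
foreach ($attempts as [$name, $password]) {
    $result = checkLogin($users, $name, $password) ? 'accepted' : 'rejected';
    printf("%-5s %-14s %s\n", $name, $password, $result);
}
foreach ($users as $name => $hash) {
    printf("%-5s stored hash length: %d\n", $name, strlen($hash));
}
```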






Comments from other readers
A PHP User - 06 Sep 2008

Somehow I'm thinking that was taken from his book...lol

A PHP User - 06 Sep 2008

"Back on page 23 we covered the Secure Hash Algorithm SHA1"?

Oh my, I never knew the InterWeb had PAGES! All my base are belong to you!


