Overview
KB
Learn PHP
PHP techniques
PHP Smarty Functions
PHP Web Email
Secure development
PHP Security Scenario
SSH and SFTP
PHP Smarty
PHP Smarty Modifiers
PHP Smarty Caching
PHP Smarty Misc
CakePHP
Zend Framework
PHP basics

PHP Security Scenario

We are learning how Secure PHP development and deployment with SSH and SFTP, the topic started here. Let us now understand how Public authentication works with the pair of Public and Private keys.The best way to explain it is by using an imaginary plot for James Bond movie. No, James Bond is not known to be a PHP developer or much of SSH or SFTP user, but here is the scenario: James Bond is sending an urgent message to M. He is using “Harry Potter and the Sorcerer's Stone” novel as the key for the encrypted message. Well, the Harry Potter novel might be a bit too heavy to carry around in the tuxedo pockets, but 007 is the super agent after all. M. gets the message and decrypts it using “Harry Potter and the Philosopher's Stone” book. Sounds simple? Well, this is pretty much what happens in Public key authentication:
  • James Bond’s book becomes your Private key
  • M.’s book becomes the Public Key
  • James Bond himself is the encrypting agent – the role played by you SSH client
  • M. is of course the decrypting agent – that will be the SSH daemon, such as openssh.
  • SSH client creates your digital signature using Private Key, sends it over to SSH daemon on the login server (where you probably deploy or debug PHP files), SSH daemon decrypts it with the Public Key and sees that you are who you say you are.
  • The most important thing here is that no one can decrypt the message without the private key – probably even James Bond himself! That is why you need to watch it as a hawk and store it on your local computer.
  • Just like Harry Potter novel would be too heavy to send over to the MI6 headquarters, Private Keys are never sent to the login server. SSH will only pass the encrypted message.
Admittedly the explanation above might sound a bit childish, but it should really make it clear. Lets now get back to Secure PHP development and deployment with SSH and SFTP and learn how to generate Public and Private keys in PHP IDE

 Download NuSphere PHP IDE

Download a free trial of the fast PHP EDitor and robust Integrated Development Environment for PHP.

 Buy NuSphere PhpED® now

Best PHP Editor and complete PHP IDE.
NuSphere PhpED 21.0 is available from our online store front.

 Special Team4 Offer

Get 4 copies of PhpED for the price of 3!

Optimum solution for development teams.
PhpED 21.0 Team4
Need more than 4 licenses? Contact Us for more quantity discounts, please use "Ordering/Payment issue" subject on the form.
"To be honest its bloody awesome, I have looked at loads of PHP editors and this is THE only one that actual works straight out of the box!!! Brilliant, well done."
Andrew Breward,
Director of Technology
caboodal.com