I have a program written in C#, and a file in PHP. I need to be able to load information from the PHP file to use in my application. As it happens, the information will contain the database connection details which the PHP script has access to. I know I could just echo these in PHP, then read them using C#, but I need a more secure method really to prevent anyone from just loading the PHP script in a browser and reading the database credentials. I'm not an expert in encryption, but I'm fairly confident in both languages. I'm just not sure how to encrypt something with a key in one language, then decrypt it with another. Can anyone point me in the right direction?
May I ask if there is any reason you need to grab the database information from the PHP file? If the database address (or username or password) changes so often you need to load it from an external source, you'll probably be better off if you code the connection info into your C# application. I'm just having a hard time imagining a situation where this would be the best thing to do. However, if you really want to go this route, I'd suggest using Base64 encryption. It's the only encryption method I've seen which exists within PHP and C#, but that doesn't include user created libraries and the like. here is an example of base 64 encryption within c#. My apologies if it doesn't work for you, I'm just fluent in google, not c#. And of course, here is the PHP manual page on base64 encryption. Best of luck
Thanks for the reply. The way it works is - the user installs a PHP script, sort of like a CMS. I'm now writing a desktop application which will let users of the CMS log in to the system using the same username/password as the PHP version. To do this I need to connect to the same database server as the PHP script, and it's easier for a user to say "I installed my PHP script at http://blah/", and specifiy their username/password than it is to give the database host, username, password, database, CMS login name and password. Base 64 isn't reallly secure though, anyone could just decode the information and read the server connection details because no key is used.
Ah, now I understand. Yes, you're right, base64 wouldn't be secure for that kind of transaction. You could embed a small browser into your C# application and let the user navigate the web app that way. But, I'm guessing you're wanting to let your C# application have a desktop feel, not be a browser environment. You could use PGP encryption, but you'd have to work pretty hard to get it working in C# and PHP. You could also have the user enter the database connection information into the C# app upon installation, and then just save it to disk for later use. That would save you the security concerns.