0

I have 2 versions of the same database. One uses M/S Access and is installed on stand alone laptops, the second is web based MySQL/HTML/PHP. The database is simple ie a single table with cuirrent 8000 records with 32 fields/record which is expanding at around 1000 records per year.

What I would love is a stand alone solution that can be browser based, i.e. Internet connection not required. Is it possible to create a web based version using my HTML/PHP skills where the data is stored encrypted in a flat file, and only the search results being returned unencrypted, and it all being packaged in an installer.

I can imagine there being more security issues, and whilst the data has no financial value to anyone ( it is very specialised scientific data) it has taken a lot of effort to compile it.

If this concept is possible with modest programming skills, I would be greatful if you could take a few minutes to reply suggesting what approaches I should investigate especially on the data encryption/unencryption side.

Thanks in advance for all those that reply. I will make this post solved once I have some ideas to work on.

Regards
Stephen UK

4
Contributors
8
Replies
10
Views
5 Years
Discussion Span
Last Post by stephen_UK
0

There is no guarantee that your data will remain encrypted. The reason is that if you distribute these encrypted data, the decryption must be supported by the browser and without internet connection. That leaves you to only one type of encryption method, the javascript encryption. This type encryption can be easily broken by anyone who can search the internet.

The second option is to distribute your application with lightweight xampp thumb drive edition, pre-stored your data with base64_encode.. this should give you an encryption very identical to the BLOB data. Actually, blob data seems to appear to me as just another derivative of base64 hashing. The downside of this if the user try to take a peek on the database, they can of course decode everything using a simple base64_decode function.

The third option is to utilize option two above, with the only exemption of not having a built in database in the distribution. The client only needs the ability to run pHP script on their desktop. However, this will require an Internet connection to retrieve data from your server.

The idea is simple, you just need to provide a unique ID.. the php script included in the xampp will then access the Internet and validate the unique ID with the remote server (your server). If the unique ID is valid, then the cURL in the local xampp gets executed to retrieved the decrypted data coming from your site.

The advantage of this is you have more control over the access of your important data. The downside is that the client must have an Internet connection.

The Fourth option is to use part of the option three, but encrypt your entire source code with ioncube. This is safe at the moment unless they want to spend $14.00 per page to have it decrypted. You can wrap your important data into php variable. Test your script, and then encrypt everything with ioncube.

In summary, the fourth option can protect your data. Secondly, you can encrypt your php source with ioncube, and then package your distribution with xampp and ioncube loader. Your cost? 0.50 cents per file

Edited by veedeoo: more info added

0

Curious. You have standalone laptops that access a DB (MS Access). So from what I gather, all these different computers have different copies of the same original DB, which by now will all be different (assuming update/insert privileges). If changes are allowed, how do you sync these with the master DB?

Do you update each DB manually every year (ie add the 1000 extra records) or do you just supply a new DB to each computer?

If you want php capability on these standalones, you'll need to install php/mysql on each OR as veedeoo suggests, use a thumb drive. Personally, I'd do the latter. Remember, any php code you write for encrypting/decrypting will be visible to the user if they open the php file as a text file. All your clever little secrets! But again, as veedeoo suggests - ioncube could help here.

I can imagine there being more security issues, and whilst the data has no financial value to anyone ( it is very specialised scientific data) it has taken a lot of effort to compile it.

So what's the problem? Are you selling the data? Is the data sensitive? You don't want people passing this compiled data around? If you're not benefitting financially from this DB and it's not sensitive info, why does it need to be encrypted? Again, just curious.

Edited by diafol

0

Veedeoo, Diafol many thanks for you replies. In response todiafol's query the database is read only. Only I update the web version about 4 times/year and the stand alone version twice a year as the organisations that use the data would not want to update more frequently than that, as their users can be spread in many locations in their respective countries. I will look into Veedeoo's latter suggestion.

I will leave the question un-resolved until early next week just in case other standalone search options (read only) are voiced.

Thanks again
Stephen

0

You are very much welcome. Just let us know if you need help in setting up the xampp package with ioncube loader.

0

I've just been thinking about this standalone issue. I assume that you could use an SQLite DB and store it in localStorage. That way you just use javascript to access the data. No server need be involved at all, as long as you use a browser that supports HTML5 DB / localStorage. Modernizer can be used for those that don't. The sqlite file should be kept in the 'app' directory as a backup against inadvertent / deliberate deletion of the localStorage data by the user.
Obviously the data will not be secured. This may alleviate the need for proprietry software or the need to run Apache/IIS (or other) webserver from computer or thumbdrive.
This is just me thinking aloud - I haven't researched it fully. The thing I couldn't work out was how to get sqlite file to localStorage. Needs to think...

Maybe a json-based data store?

0

Forget my localStorage ramblings. It looks like early days on that front at the moment. However, the json data may have some legs. As you're only retrieving data and it's a flat DB (one table), it should be 'reasonably' straightforward.

Outputting data to json in the first place (for 6 month updates) via php from mysql is easy. And then you just send off the replacement json (js) file.

I'm no js evangelist - in fact I totally suck at js. My take:

data.js file:
var data = '{{ ...json data...}}'; //all single quotes need to be escaped
//include all array searching / sorting functions here too

data.html
<script src='data.js'></script>

Add data display area and action buttons / sort / filter widgets

That's it. You could always obfuscate/minify/compress the code, but that won't protect it.

0

My approach would be to create not so much as a database but just a flat file, say tab delimited. You can read the entire thing into memory with PHP and manipulate the data as needed.

You could either run a web server locally (Macs have this already built in) or run it command-line based if suitable.

You'd want it to prompt for a username/password before proceeding.

You would write functions to add a new row of data, delete a row given an id, change a value given an id and column name, etc.

The entire project could be encrypted with PHPshadow. That's the cheapest PHP encryption I've found - only 5 Euros to encrypt (during a 48-hour period) or 0.99 if you do it online. Only thing is it is not available for Windows.

Regarding javascript encryption, remember that if the browser can see it, so can you. In other words, javascript encryption is pointless.

0

Thanks to you all. I have marked the issue solved as I now have a number of avenues to explore thanks to your kind input. It is much appreciated.
Many thanks
Stephen

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.