Securing Sensitive Data Between a PHP Script and the Compiled C Program that Authenticates the Token

20070513: The AuthEngine product from CryptoCard is easiest to use from a compiled C program.  If this is done, the token key and challenge (both sensitive) must be passed from the PHP script to the compiled C program; and the updated challenge (also sensitive) must be passed back to the PHP script.

I made a newsgroup post inquiring about the most secure way to pass information back and forth between a PHP script and a compiled C program, and received several helpful replies.

To summarize my thoughts and the replies to the newsgroup post, the mechanisms under consideration were:

• Unix pipes.
• Files (presumably, the C program would accept its input and return its results using files).
• Via the command line, plain.  (This is known to be insecure, as command-line arguments are visible to all in a Unix/Linux system.)
• Via the command-line, encrypted using a key shared between the PHP script and the compiled program.  (Presumably, the key would be compiled into the program.)
• Encapsulated into PHP by adding modules to PHP.  (Substantial technical investigation would need to be done to use this approach.)

Unix pipes seem to me to be the best overall approach.  It was pointed out in the newsgroup replies that pipes exchanges can be monitored by processes with the same UID/GID; but this is a universal security concern not unique to pipes.

The appropriate functions to use from PHP are the proc_open() and related functions.  Using this approach, the compiled program can simply read from stdin and write to stdout.  Additionally, this makes the compiled program straightforward to test—the input and output can be provided/accepted from/to the console, or redirected from/to files.

This web page is maintained by David T. Ashley.  Local time on this server (at the time the page was served) is