Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
The Mcrypt library has been deprecated as of PHP 7.1.0 and removed entirely in PHP 7.2.0. Its use in modern applications is strongly discouraged due to its outdated and insecure cryptographic algorithms.
Using deprecated encryption methods can lead to significant security vulnerabilities, including susceptibility to brute force attacks and other forms of cryptographic hacking. These vulnerabilities can lead to the exposure of sensitive user data, which can have severe legal and reputational consequences.
To avoid this, it is recommended to use modern and secure encryption methods, such as the openssl_encrypt function with “aes-256-gcm” cipher method or the sodium_crypto_aead_aes256gcm_encrypt function. These methods provide strong encryption and are actively maintained, ensuring that your application remains secure against the latest threats. Maintaining an awareness of current best practices in cryptographic security is an essential part of responsible PHP development.
Non-Compliant Code Examples
<?php// Weak encryption using openssl with DES
$key="key";$data="Sensitive Data";openssl_encrypt($data,"des-ofb",$key,$options=OPENSSL_RAW_DATA,$iv);// Noncompliant
<?php// Weak encryption using mcrypt with DES and ECB mode
$key='bad-key-';$data='Sensitive Data';$encryptedData=mcrypt_encrypt(MCRYPT_DES,$key,$data,MCRYPT_MODE_ECB);
Compliant Code Examples
<?php// Strong encryption using sodium with aes-256
$key="key";$data="Sensitive Data";$nonce="fh574569";sodium_crypto_aead_aes256gcm_encrypt($data,'',$nonce,$key);
<?php// Strong encryption using openssl with aes-256
$key="key";$data="Sensitive Data";openssl_encrypt($data,"aes-256-gcm",$key,$options=OPENSSL_RAW_DATA,$iv);
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- php-security # Rules to enforce PHP security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines