There are some huge legacy systems whose dependencies on PHPs' mcrypt
are extremely important and vital (including the data storage in database). I need to find a way to maintain this library while upgrading to PHP 7.2 (which already worked fine).
My local test environment is Windows. The live environment is run on CentOS.
Some of the answers I have seen is decrypting and change mcrypt to openssl (I think that's not possible at the moment since there's a lot of data to decrypt).
Another way lights to download a lower PHP version with mcrypt
-support, copy the extension and add it to php.ini (I do not even know the folder).
Downgrading PHP to 5.6 it's not suitable due to security issues.
Any light in what could be done in this scenario?
Basically I think you have mentioned all possibilities and you do not have a choice. Do not downgrade to PHP 5.6 this approach has no future.
MCrypt was removed from PHP for one of the main reasons why you want to upgrade PHP: Security. The MCrypt library is not maintained anymore. Therefore installing the MCrypt extension is also a bad idea. But it can be a temporary solution (follow e.g. those instructions https://serverpilot.io/community/articles/how-to-install-the-php-mcrypt-extension.html).
The only good solution is migrating from mcrypt to something else. There are questions regarding this topic on Stackoverflow already (e.g. Upgrading my encryption library from Mcrypt to OpenSSL). Alternativly you could use some encryption library. Migrating a large amount of code/data might be a pain but this is the most future-oriented approach in this case.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With