[PHP-DB] Security question [was Searchable/Sortable Database Fields with MySQL/PHP]

2005-07-13 Thread Jeffrey
This is an issue I've been thinking about for an application we are 
developing.


Is it worth encrypting data on the database tables when anyone who can 
access the application itself - or better still the server - could 
readily access the encrypted data?  Assuming SSL connections, secure 
server, etc, would you also encrypt on the DB?


Thanks,

Jeffrey


Micah Stevens wrote:

Oh! Also, there are built-in MySQL functions for encryption, I forgot about 
that, so you can still search, like this:


-- name_field should be a VARBINARY/BLOB column: AES_ENCRYPT returns binary data
insert into `table` set name_field = AES_ENCRYPT('Some name', 'secret key');
-- decrypting inside WHERE means every row is decrypted; no index can be used
select * from `table` where AES_DECRYPT(name_field, 'secret key') LIKE '%some';

Make sense? You'll want an SSL connection to the database of course, and 
anyone that has any decent access to the server memory would be able to get 
the encryption key, but if you're careful it would work.


-Micah 


On Tuesday 12 July 2005 2:53 pm, Micah Stevens wrote:
Just do all your searching/sorting in PHP.. it would be slower, and if your
dataset is very large (sounds like it might be the case) it would be
impossible.. So that might be out of the question..

A bit of system engineering might find a solution too, consider which
fields you need to search/sort by, and by possibly limiting those somewhat
to just what is absolutely necessary, you might be able to get by not
encrypting those columns.

Another idea would be to provide hinting columns, essentially providing
just enough data in those columns to be able to sort with, but not enough
to give away the data. i.e. just the first 2 characters of each name.

This would allow you to search and get a smaller dataset from the database,
something you could decrypt in php, and then search further, possibly
making it manageable.

Hope that helps,
-Micah

On Tuesday 12 July 2005 2:36 pm, Matt McNeil wrote:
Greetings,
I need to securely store lots of sensitive contact information and
notes in a (MySQL or other freely available) database that will be
stored on a database server which I do not have direct access to.
This database will be accessed by a PHP application that I am
developing.  However, I also need to be able to search/sort these data
with the database functions (SELECT, ORDER BY, etc) so simple PASSWORD
style encryption of specific fields would not work.  (For example, I
need to encrypt
contacts' names, but need to be able to sort results by name). (I
realize I could load the entire table into memory with PHP and
process/search/sort it there, but
that's obviously not a very good solution).  Ideally I would like to
encrypt entire tables.  An encrypted file system is not really an
option, because the goal is to prevent loss if the database server is
hacked (in addition, I wouldn't be able to install an encrypted file
system on the database server).

My sense is that this is a difficult problem.  However, I made the
mistake of promising this functionality,
so I'm scrambling to figure out some kind of solution.  Any
suggestions?

Thanks so much!

Matt
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
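Micah's "hinting column" suggestion, worked through on a real table, as an added example (not code from the thread or from either poster). The database narrows the result set using only a short cleartext prefix of each name, and the application decrypts that small set and finishes the match and the sort. sqlite3 is used so it runs offline; the Python standard library has no AES, so a CTR-mode keystream from HMAC-SHA256 stands in for MySQL's AES_ENCRYPT/AES_DECRYPT. The table name, column names and the sample contacts are all constructed for the example.

```python
# Added example (not code from the thread): Micah's "hinting column" idea on a
# real table, with the application finishing the search after decryption.
# sqlite3 is used so this runs offline; the Python stdlib has no AES, so a
# CTR-mode keystream from HMAC-SHA256 stands in for AES_ENCRYPT/AES_DECRYPT.
# Table/column names and the sample contacts are constructed for the example.
import hashlib
import hmac
import os
import sqlite3

NONCE_LEN = 16
SAMPLE_NAMES = ["Miguel Ortiz", "Alice Mason", "Bob Smith", "Amina Diallo"]  # constructed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from HMAC-SHA256 (stand-in for AES, not for production use)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: str) -> bytes:
    """Fresh random nonce per value, so two equal names do not share a ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    data = plaintext.encode("utf-8")
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key: bytes, blob: bytes) -> str:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode("utf-8")


def hint(name: str, n: int = 2) -> str:
    """Hinting column: only the first n characters, case-folded, are stored in clear.
    This deliberately leaks n characters of every name; keep n as small as the queries allow."""
    return name.strip().lower()[:n]


def create_contacts(conn: sqlite3.Connection, key: bytes, names) -> None:
    conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name_hint TEXT, name_enc BLOB)")
    conn.execute("CREATE INDEX idx_name_hint ON contacts (name_hint)")  # the hint is what gets indexed
    conn.executemany(
        "INSERT INTO contacts (name_hint, name_enc) VALUES (?, ?)",
        [(hint(n), encrypt(key, n)) for n in names],
    )
    conn.commit()


def search_by_prefix(conn: sqlite3.Connection, key: bytes, prefix: str) -> list:
    # Step 1: the database narrows the candidate set using the hint column only.
    # LIKE metacharacters in user input are escaped so they cannot widen the match.
    pattern = hint(prefix).replace("!", "!!").replace("%", "!%").replace("_", "!_") + "%"
    rows = conn.execute(
        "SELECT name_enc FROM contacts WHERE name_hint LIKE ? ESCAPE '!'", (pattern,)
    ).fetchall()
    # Step 2: the application decrypts that small set and finishes the match.
    names = [decrypt(key, row[0]) for row in rows]
    wanted = prefix.strip().lower()
    return sorted((n for n in names if n.lower().startswith(wanted)), key=str.lower)


def list_sorted(conn: sqlite3.Connection, key: bytes) -> list:
    # ORDER BY on the hint column gives the coarse order from the database; the
    # application only has to sort within each hint group after decrypting.
    rows = conn.execute("SELECT name_hint, name_enc FROM contacts ORDER BY name_hint").fetchall()
    result, group, current = [], [], None
    for h, enc in rows:
        if h != current:
            result.extend(sorted(group, key=str.lower))
            group, current = [], h
        group.append(decrypt(key, enc))
    result.extend(sorted(group, key=str.lower))
    return result


def demo():
    """Build the in-memory table and return (conn, key) for the searches above."""
    key = os.urandom(32)  # in a real deployment: loaded from outside the web root
    conn = sqlite3.connect(":memory:")
    create_contacts(conn, key, SAMPLE_NAMES)
    return conn, key


if __name__ == "__main__":
    conn, key = demo()
    print(search_by_prefix(conn, key, "Mi"))  # only the 'mi' hint group is fetched
    print(list_sorted(conn, key))
```

The trade-off is visible in `hint()`: whoever reads the table learns the first two characters of every name, which is what Micah means by "not enough to give away the data". Anyone who can read the key, as both replies point out, learns everything, so the example keeps the key as a parameter rather than baking it into the query text.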



Re: [PHP-DB] Security question [was Searchable/Sortable Database Fields with MySQL/PHP]

2005-07-13 Thread Micah Stevens
Assuming they have access to the PHP files, all decoding keys would be 
available there, so while encrypting the database would definitely slow up 
the attacker, it would only do so until they discovered the decoding method. 

Any experienced hacker would find this in no time. If you pre-compile the PHP 
code so that the decoding keys are not as readily available, this would help 
greatly. 

Sounds like your major issue is server security here, and not data security? 
Shouldn't you concentrate on keeping them out of the server in the first 
place? If that's accomplished, and you don't have network ports open to the 
MySQL server, and your scripts use encoding/decoding keys that are defined in 
locations not available to HTTP, you should be in pretty good shape.

Just seems like you're trying to fight the wrong battle here. Although this 
should be considered too. If you're only responsible for this second line of 
defense, then I think this is about all you can do with the available 
technology that you mention. I haven't researched this much though, so 
perhaps someone else on the list can offer better suggestions.

-Micah 

On Wednesday 13 July 2005 2:50 am, Jeffrey wrote:
 This is an issue I've been thinking about for an application we are
 developing.

 Is it worth encrypting data on the database tables when anyone who can
 access the application itself - or better still the server - could
 readily access the encrypted data?  Assuming SSL connections, secure
 server, etc, would you also encrypt on the DB?

 Thanks,

 Jeffrey

 Micah Stevens wrote:
 Oh! Also, there are built-in MySQL functions for encryption, I forgot about
 that, so you can still search, like this:
 
 -- name_field should be a VARBINARY/BLOB column: AES_ENCRYPT returns binary data
 insert into `table` set name_field = AES_ENCRYPT('Some name', 'secret key');
 -- decrypting inside WHERE means every row is decrypted; no index can be used
 select * from `table` where AES_DECRYPT(name_field, 'secret key') LIKE '%some';
 
 Make sense? You'll want an SSL connection to the database of course, and
 anyone that has any decent access to the server memory would be able to
  get the encryption key, but if you're careful it would work.
 
 -Micah
 
 On Tuesday 12 July 2005 2:53 pm, Micah Stevens wrote:
 Just do all your searching/sorting in PHP.. it would be slower, and if
  your dataset is very large (sounds like it might be the case) it would
  be impossible.. So that might be out of the question..
 
 A bit of system engineering might find a solution too, consider which
 fields you need to search/sort by, and by possibly limiting those
  somewhat to just what is absolutely necessary, you might be able to get
  by not encrypting those columns.
 
 Another idea would be to provide hinting columns, essentially providing
 just enough data in those columns to be able to sort with, but not enough
 to give away the data. i.e. just the first 2 characters of each name.
 
 This would allow you to search and get a smaller dataset from the
  database, something you could decrypt in php, and then search further,
  possibly making it manageable.
 
 Hope that helps,
 -Micah
 
 On Tuesday 12 July 2005 2:36 pm, Matt McNeil wrote:
 Greetings,
 I need to securely store lots of sensitive contact information and
 notes in a (MySQL or other freely available) database that will be
 stored on a database server which I do not have direct access to.
 This database will be accessed by a PHP application that I am
 developing.  However, I also need to be able to search/sort these data
 with the database functions (SELECT, ORDER BY, etc) so simple PASSWORD
 style encryption of specific fields would not work.  (For example, I
 need to encrypt
 contacts' names, but need to be able to sort results by name). (I
 realize I could load the entire table into memory with PHP and
 process/search/sort it there, but
 that's obviously not a very good solution).  Ideally I would like to
 encrypt entire tables.  An encrypted file system is not really an
 option, because the goal is to prevent loss if the database server is
 hacked (in addition, I wouldn't be able to install an encrypted file
 system on the database server).
 
 My sense is that this is a difficult problem.  However, I made the
 mistake of promising this functionality,
 so I'm scrambling to figure out some kind of solution.  Any
 suggestions?
 
 Thanks so much!
 
 Matt

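Micah's point that the decoding keys should sit "in locations not available to HTTP" can be enforced at application start-up. The following is an added example, not code from the thread: it refuses to load a key file that lives under the document root or is readable by group or others. The directory layout is constructed in a temporary directory; the real document root and key path are deployment-specific and assumed here.

```python
# Added example (not code from the thread): a start-up check that the database
# encryption key lives outside the HTTP document root and is owner-only
# readable. The htdocs/private layout is constructed in a temp dir; real
# paths are deployment-specific.
import os
import stat
import tempfile

MIN_KEY_LEN = 32  # 256-bit key


def key_location_problems(key_path: str, document_root: str) -> list:
    """Return the reasons the key file is unsafe to use; an empty list means OK."""
    problems = []
    key_real = os.path.realpath(key_path)  # follow symlinks before comparing
    root_real = os.path.realpath(document_root)
    if os.path.commonpath([key_real, root_real]) == root_real:
        problems.append("key file is inside the document root")
    try:
        st = os.stat(key_real)
    except FileNotFoundError:
        problems.append("key file does not exist")
        return problems
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key file is accessible to group or others")
    if st.st_size < MIN_KEY_LEN:
        problems.append("key file is shorter than %d bytes" % MIN_KEY_LEN)
    return problems


def load_key(key_path: str, document_root: str) -> bytes:
    """Refuse to start rather than run with a key an HTTP client might be able to fetch."""
    problems = key_location_problems(key_path, document_root)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(key_path, "rb") as fh:
        return fh.read(MIN_KEY_LEN)


def demo():
    """Lay out a constructed htdocs tree and return (good_key, bad_key, docroot)."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(docroot, "config"))
    private = os.path.join(base, "private")
    os.makedirs(private, mode=0o700)

    # Mistake: key kept beside the PHP files, world-readable.
    bad = os.path.join(docroot, "config", "db.key")
    with open(bad, "wb") as fh:
        fh.write(os.urandom(MIN_KEY_LEN))
    os.chmod(bad, 0o644)

    # Better: outside the served tree, owner-only.
    good = os.path.join(private, "db.key")
    fd = os.open(good, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(os.urandom(MIN_KEY_LEN))
    os.chmod(good, 0o600)  # make the mode independent of the process umask
    return good, bad, docroot


if __name__ == "__main__":
    good, bad, root = demo()
    print("good:", key_location_problems(good, root))
    print("bad: ", key_location_problems(bad, root))
```

The check is a second line of defence in the sense of the reply above: it does nothing against someone already on the server with the web application's privileges, but it catches the common misconfiguration where a key or config file is published by the web server itself.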