Re: [PHP-DB] Security question [was Searchable/Sortable Database Fields with MySQL/PHP]
Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile the PHP
code so that the decoding keys are not as readily available, this would help
greatly.
Sounds like your major issue is server security here, and not data security?
Shouldn't you concentrate on keeping them out of the server in the first
place? If that's accomplished, and you don't have network ports open to the
MySQL server, and your scripts use encoding/decoding keys that are defined in
locations not available to HTTP, you should be in pretty good shape.
Just seems like you're trying to fight the wrong battle here. Although this
should be considered too. If you're only responsible for this second line of
defense, then I think this is about all you can do with the available
technology that you mention. I haven't researched this much though, so
perhaps someone else on the list can offer better suggestions.
-Micah
On Wednesday 13 July 2005 2:50 am, Jeffrey wrote:
This is an issue I've been thinking about for an application we are
developing.
Is it worth encrypting data on the database tables when anyone who can
access the application itself - or better still the server - could
readily access the encrypted data? Assuming SSL connections, secure
server, etc, would you also encrypt on the DB?
Thanks,
Jeffrey
Micah Stevens wrote:
Oh! Also, there's built in mysql functions for encryption, I forgot about
that, so you can still search, like this:
insert into table set name_field = AES_ENCRYPT('Some name', 'secret key');
select * from table where AES_DECRYPT(name_field,'secret key') LIKE
'%some';
Make sense? You'll want an SSL connection to the database of course, and
anyone that has any decent access to the server memory would be able to
get the encryption key, but if you're careful it would work.
-Micah
On Tuesday 12 July 2005 2:53 pm, Micah Stevens wrote:
Just do all your searching/sorting in PHP.. it would be slower, and if
your dataset is very large (sounds like it might be the case) it would
be impossible.. So that might be out of the question..
A bit of system engineering might find a solution too, consider which
fields you need to search/sort by, and by possibly limiting those
somewhat to just what is absolutely necessary, you might be able to get
by not encrypting those columns.
Another idea would be to provide hinting columns, essentially providing
just enough data in those columns to be able to sort with, but not enough
to give away the data. i.e. just the first 2 characters of each name.
This would allow you to search and get a smaller dataset from the
database, something you could decrypt in php, and then search further,
possibly making it manageable.
Hope that helps,
-Micah
On Tuesday 12 July 2005 2:36 pm, Matt McNeil wrote:
Greetings,
I need to securely store lots of sensitive contact information and
notes in a (MySQL or other freely available) database that will be
stored on a database server which I do not have direct access to.
This database will be accessed by a PHP application that I am
developing. However, I also need to be able to search/sort these data
with the database functions (SELECT, ORDER BY, etc) so simple PASSWORD
style encryption of specific fields would not work. (For example, I
need to encrypt
contacts' names, but need to be able to sort results by name). (I
realize I could load the entire table into memory with PHP and
process/search/sort it there, but
that's obviously not a very good solution). Ideally I would like to
encrypt entire tables. An encrypted file system is not really an
option, because the goal is to prevent loss if the database server is
hacked (in addition, I wouldn't be able to install an encrypted file
system on the database server).
My sense is that this is a difficult problem. However, I made the
mistake of promising this functionality,
so I'm scrambling to figure out some kind of solution. Any
suggestions?
Thanks so much!
Matt
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Security Question
Hi The page/form will be requested over a non secure connection. When the form is submitted the browser establishes a secure connection to the server and then sends the data, so the data is sent securely. Peter -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: 17 January 2005 03:47 To: php-db@lists.php.net Subject: Re: [PHP-DB] Security Question But what I'm saying is that if you're submitting a form from an unsecured page, to a script on a secure server, the data will still be encrypted. Anyone know this for sure to be correct? It sure makes sense this way. On Sunday 16 January 2005 07:27 pm, Peter Lovatt wrote: Hi It is better from a security point of view to have a secure login. The secure server encrypts the data between the browser and the server, making it impossible to read on its journey from you to the server. However whether it is a major security problem is another question. To view the traffic somebody must have access to the servers that route your request, which isn't easy. They then have to spot your traffic amongst all the other web traffic. If it is the login for your Swiss bank account where you hid the million you made without declaring tax then it should be secure - no question. On the other hand if it is just to login to see when your books will be delivered, with no sensitive financial information then the risk is smaller and it is unlikely that anyone is trying too hard to get your login, so an insecure login carries less risk. You could always host the login page on a non secure server but post the form to a secure server. Peter -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: 17 January 2005 02:46 To: php-db@lists.php.net Subject: Re: [PHP-DB] Security Question If it submits to a secure server the form data will be encrypted before transmission I believe. At least that's my understanding, and that seems to be how ebay does it for example. Once you log-in, it submits to a secure page. -Micah On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: Hi everyone, I have a security question, I want to see if I am right or wrong. I have programmed a system with PHP and MySQL, the main system resides on a secure server, but the client wants the login page on a NON-Secure server for marketing purposes. Am I the only one who thinks this is a major security concern? Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Security Question
If it submits to a secure server the form data will be encrypted before transmission I believe. At least that's my understanding, and that seems to be how ebay does it for example. Once you log-in, it submits to a secure page. -Micah On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: Hi everyone, I have a security question, I want to see if I am right or wrong. I have programmed a system with PHP and MySQL, the main system resides on a secure server, but the client wants the login page on a NON-Secure server for marketing purposes. Am I the only one who thinks this is a major security concern? Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Security Question
Hi It is better from a security point of view to have a secure login. The secure server encrypts the data between the browser and the server, making it impossible to read on its journey from you to the server. However whether it is a major security problem is another question. To view the traffic somebody must have access to the servers that route your request, which isn't easy. They then have to spot your traffic amongst all the other web traffic. If it is the login for your Swiss bank account where you hid the million you made without declaring tax then it should be secure - no question. On the other hand if it is just to login to see when your books will be delivered, with no sensitive financial information then the risk is smaller and it is unlikely that anyone is trying too hard to get your login, so an insecure login carries less risk. You could always host the login page on a non secure server but post the form to a secure server. Peter -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: 17 January 2005 02:46 To: php-db@lists.php.net Subject: Re: [PHP-DB] Security Question If it submits to a secure server the form data will be encrypted before transmission I believe. At least that's my understanding, and that seems to be how ebay does it for example. Once you log-in, it submits to a secure page. -Micah On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: Hi everyone, I have a security question, I want to see if I am right or wrong. I have programmed a system with PHP and MySQL, the main system resides on a secure server, but the client wants the login page on a NON-Secure server for marketing purposes. Am I the only one who thinks this is a major security concern? Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Security Question
But what I'm saying is that if you're submitting a form from an unsecured page, to a script on a secure server, the data will still be encrypted. Anyone know this for sure to be correct? It sure makes sense this way. On Sunday 16 January 2005 07:27 pm, Peter Lovatt wrote: Hi It is better from a security point of view to have a secure login. The secure server encrypts the data between the browser and the server, making it impossible to read on its journey from you to the server. However whether it is a major security problem is another question. To view the traffic somebody must have access to the servers that route your request, which isn't easy. They then have to spot your traffic amongst all the other web traffic. If it is the login for your Swiss bank account where you hid the million you made without declaring tax then it should be secure - no question. On the other hand if it is just to login to see when your books will be delivered, with no sensitive financial information then the risk is smaller and it is unlikely that anyone is trying too hard to get your login, so an insecure login carries less risk. You could always host the login page on a non secure server but post the form to a secure server. Peter -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: 17 January 2005 02:46 To: php-db@lists.php.net Subject: Re: [PHP-DB] Security Question If it submits to a secure server the form data will be encrypted before transmission I believe. At least that's my understanding, and that seems to be how ebay does it for example. Once you log-in, it submits to a secure page. -Micah On Sunday 16 January 2005 06:38 pm, Chris Payne wrote: Hi everyone, I have a security question, I want to see if I am right or wrong. I have programmed a system with PHP and MySQL, the main system resides on a secure server, but the client wants the login page on a NON-Secure server for marketing purposes. Am I the only one who thinks this is a major security concern? Chris -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Security Question
From: Dylan Barber [EMAIL PROTECTED] I am accessing a database on my site from another site - I am not the only developer on the other site and there is the potential for someone to access the database for nefarious purposes from the other site. Can I somehow protect the password and still have it work? What database? I assume you mean your PHP script is logging into a remote database and you're concerned about the password being in the script? Not much you can do about it, really. You can log in over SSL (depending upon your database), which will protect the password in transit, but it's still sitting in the file. If you can't trust users on the server that you're on, find a better server. :) Or I had thought of this but I didn't know if it wuld or should work - include all my database routines in an include file and do something like include once http://domain.com/include.php; would that even work? It will work, but not like you're thinking. You'll get the _result_ of the PHP file and not the actual code. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
