Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind wrote: > I'm just wondering if this is a correct understanding: > 1. plaintext data arrives on the web frontend. or over SSL > 2. It's sent to the app server SSL or non-SSL - your choice > 3. It's encrypted and sent to the DB server encrypted or n

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 20:55, Michael Shadle wrote: > I talked with a friend who actually had this implemented before and > banks had signed off on it after reviewing it. > > load balancer (irrelevant to the security piece) > > web server(s) - only accepts traffic to port 80/443. can only forward > reque

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
wrote: >> -Original Message- >> From: Peter Lind [mailto:peter.e.l...@gmail.com] >> Sent: Wednesday, June 23, 2010 12:22 AM >> To: Michael Shadle >> Cc: PHP-General >> Subject: Re: [PHP] How to store encrypted data and how to store the key? >> >>

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Bastien Koert
On Wed, Jun 23, 2010 at 6:09 AM, Peter Lind wrote: > On 23 June 2010 10:09, Michael Shadle wrote: >> On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote: >> I haven't had to implement a scheme like this but for an app I'm working on we've been considering the same issues in order to kee

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 10:09, Michael Shadle wrote: > On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote: > >>> I haven't had to implement a scheme like this but for an app I'm working on >>> we've been considering the same issues in order to keep member data safe. >>> I would say your best bet is to ke

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham wrote: >> I haven't had to implement a scheme like this but for an app I'm working on >> we've been considering the same issues in order to keep member data safe. >> I would say your best bet is to keep the decryption key in memory while the > > This i

RE: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Tommy Pham
> -Original Message- > From: Peter Lind [mailto:peter.e.l...@gmail.com] > Sent: Wednesday, June 23, 2010 12:22 AM > To: Michael Shadle > Cc: PHP-General > Subject: Re: [PHP] How to store encrypted data and how to store the key? > > On 23 June 2010 09:11, Michael Sh

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind wrote: > I haven't had to implement a scheme like this but for an app I'm > working on we've been considering the same issues in order to keep > member data safe. I would say your best bet is to keep the decryption > key in memory while the app is runn

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 09:11, Michael Shadle wrote: > This is somewhat related to the whole PCI/credit card discussion a > couple weeks back. The consensus was basically "leave it to other > people" - however, what if YOU are the other person? > > I wonder if anyone has some BKMs to share about encryptin