Joe Leo wrote:


    Still, I wonder why you want to do that? Do you distrust your
    hosting company that much? In that case I'd look for a different
    provider.


Well, I am just looking into a solution to encrypt data. The question as to why I would want to do that is not the question - But, thanks for asking.

    What are you trying to protect and who are you protecting it against?


I'm looking to protect data/information that could be the software code and/or customer's client info. Protection should be from anyone who does not need to have access to the website data or the DB... Of course, data will be shown to users (web client) who have been given access to view this data from the application.

What I am interested in is to find the most effective and most secure way to upload my website & db to a remote host and the data is fully protected by encryption.

I will look into the ionCube suggested earlier - Though this seems to be a PHP-only based solution. From what I gather, a product like TrueCrypt could be better as I can encrypt an entire volume or folder and it's done - Regardless of type of code or application that exists or is being encrypted.



I think there's a little bit of shortsightedness going on here. If any reasonable security is to be expected, the entire system from start to finish must be evaluated. How much security do you expect? Who and what do you trust to be secure? Is your development PC secure? Could it be loaded with spyware that is sending your keystrokes off to the bad guys? Do you trust the guy/girl standing behind you looking over your shoulder? Do you trust the web host that manages your website's server? How about the server monkey managing the nightly backups? Or the hacker on your shared web host running the sniffer? Or the 13 year old from Hungary secretly running irc proxies on your dedicated host? Or the NSA's tap at AT&T's networks? Could your client/customer's PC be infected with spyware? Could their neighbor be running a man-in-the-middle attack on the wireless network? How about the guy physically standing behind him, or perhaps the nosy wife digging through her husband's Gmail account? My point here is that there are so many points at which the security of data could be compromised. Dan's question is extremely relevant and should be examined thoroughly if the true objective is to implement data security.

Unfortunately, for most people (including our government), the perception of security takes priority over actual security. Slapping an official-looking "seal of security" gif onto the bottom of the web order form and maybe prepending "https" to the URL (regardless of what's running under the hood!) is often sufficient for the general population.

~Rolan












_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk