DB encryption

alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

DB encryption

Post by alex.barylski »

I might be required to store sensitive data (not quite CC numbers but possibly) for 1000's of users...

Obviously I'd like the data to be secured via a password/username pair given by the user. Basically as they log in their DB is decrypted and SELECT should work as expected :)

Encrypting the MySQL tables themselves isn't really an option but is likely the fastest way to encrypt a user's data. Otherwise I figure I would have to encrypt fields individually as they're added or edited and likewise decrypted...

I'm already taking all PHP level security as well as Apache into consideration.

Is there a DB which has native encryption support so I can easily accomplish this? I imagine something like what banks use would be ideal :P

PostgreSQL table or perhaps a MySQL table type???

Cheers :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Full time encryption at the hardware level. :)
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Oh really....I don't think I have that kinda capital... :P

Is that what banks do?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

That's what the United States government is doing to all its computers, and what a lot of banks do. In fact there are even tamper-resistant things that will destroy the material if the seals are broken incorrectly on some data stores. For example a layer of suspended acids (or other chemicals) that when the outer casing is pierced in the slightest liquefies and erodes the internals in a matter of seconds. But I digress..

That level of encryption is becoming more and more available to consumers. And really if you think about it, RAID is quite expensive to the individual but to a company, it's a simple investment that protects their data. Since this is sensitive information you really should consider the most secure solutions. You probably can't justify full biometric scan stations, but hardware level encryption isn't that hard to reach.

Hell, if memory serves, there are storage devices with encryption built in around too.

http://en.wikipedia.org/wiki/Disk_encryption_hardware
http://www.via.com.tw/en/initiatives/padlock/
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

MySQL has AES_ENCRYPT and AES_DECRYPT functions in the more recent versions (4 and above I think). I use it for storing credit card details, passwords, all sorts of things. There is a disadvantage though ... you need to store the details in a blob, so you can't easily edit them using phpMyAdmin. That's a very minor point though. Certainly no reason not to use it.
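
The field-level approach from the post above, as an added example that is not part of the original thread: AES_ENCRYPT / AES_DECRYPT with a binary column, a per-row IV and a key supplied per session. The table, column names, passphrase and sample value are constructed; it assumes MySQL 5.6.17 or later, where `block_encryption_mode`, `RANDOM_BYTES()` and the init_vector argument are available.

```sql
-- Added example: names, passphrase and sample data are constructed.

-- The default mode is aes-128-ecb, where equal plaintext blocks produce
-- equal ciphertext blocks. Switch to CBC and use a fresh IV for every row.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Ciphertext is binary, so it lives in a BINARY/VARBINARY (or BLOB) column.
CREATE TABLE user_secret (
  user_id    INT UNSIGNED   NOT NULL,
  label      VARCHAR(64)    NOT NULL,
  iv         BINARY(16)     NOT NULL,   -- not secret, but unique per row
  ciphertext VARBINARY(512) NOT NULL,
  PRIMARY KEY (user_id, label)
);

-- 32-byte key for AES-256. Assumption: the application supplies it per
-- session (ideally derived from the user's password with a password KDF
-- and sent as a bound parameter over TLS). A key written literally into a
-- statement can end up in the server's query logs.
SET @key = UNHEX(SHA2('constructed-example-passphrase', 256));

-- Write: generate the IV once, store it next to the ciphertext.
SET @iv = RANDOM_BYTES(16);
INSERT INTO user_secret (user_id, label, iv, ciphertext)
VALUES (42, 'account_no', @iv,
        AES_ENCRYPT('1234-5678-EXAMPLE', @key, @iv));

-- Read: decrypt with the same key and the stored IV.
SELECT label,
       CAST(AES_DECRYPT(ciphertext, @key, iv) AS CHAR) AS plaintext
FROM   user_secret
WHERE  user_id = 42;

-- A wrong key usually returns NULL because the padding check fails.
-- CBC carries no integrity tag, so a non-NULL result does not prove the
-- key was right or that the row was not modified.
SET @wrong = UNHEX(SHA2('some-other-passphrase', 256));
SELECT label,
       AES_DECRYPT(ciphertext, @wrong, iv) IS NULL AS rejected
FROM   user_secret
WHERE  user_id = 42;
```

Encrypted columns cannot be usefully indexed or searched with LIKE, so keep lookup fields such as `user_id` and `label` in plaintext only if they are not sensitive themselves.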