DB encryption

Posted: Sat Jan 06, 2007 2:14 pm
by alex.barylski
I might be required to store sensitive data (not quite CC numbers but possibly) for 1000's of users...

Obviously I'd like the data to be secured via a password/username pair given by the user. Basically as they log in their DB is decrypted and SELECT should work as expected :)

Encrypting the MySQL tables themselves isn't really an option but is likely the fastest way to encrypt a user's data. Otherwise I figure I would have to encrypt fields individually as they're added or edited and likewise decrypted...

I'm already taking all PHP level security as well as Apache into consideration.

Is there a DB which has native encryption support so I can easily accomplish this? I imagine something like what banks use would be ideal :P

PostgreSQL table or perhaps a MySQL table type???

Cheers :)

Posted: Sat Jan 06, 2007 2:23 pm
by feyd
Full time encryption at the hardware level. :)

Posted: Sat Jan 06, 2007 3:25 pm
by alex.barylski
Oh really....I don't think I have that kinda capital... :P

Is that what banks do?

Posted: Sat Jan 06, 2007 4:03 pm
by feyd
That's what the United States government is doing to all its computers, and what a lot of banks do. In fact there are even tamper-resistant things that will destroy the material if the seals are broken incorrectly on some data stores. For example a layer of suspended acids (or other chemicals) that when the outer casing is pierced in the slightest liquefies and erodes the internals in a matter of seconds. But I digress..

That level of encryption is becoming more and more available to consumers. And really if you think about it, RAID is quite expensive to the individual but to a company, it's a simple investment that protects their data. Since this is sensitive information you really should consider the most secure solutions. You probably can't justify full biometric scan stations, but hardware level encryption isn't that hard to reach.

Hell, if memory serves, there are storage devices with encryption built in around too.

http://en.wikipedia.org/wiki/Disk_encryption_hardware
http://www.via.com.tw/en/initiatives/padlock/

Posted: Sun Jan 07, 2007 3:36 am
by onion2k
MySQL has AES_ENCRYPT and AES_DECRYPT functions in the more recent versions (4 and above I think). I use it for storing credit card details, passwords, all sorts of things. There is a disadvantage though ... you need to store the details in a blob, so you can't easily edit them using phpMyAdmin. That's a very minor point though. Certainly no reason not to use it.
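
The per-field approach discussed in this thread, as an added example that is not part of any post: a binary column written with AES_ENCRYPT and read back with AES_DECRYPT in their two-argument form. The table, the column names, the `@user_key` variable and all sample values are constructed for illustration; the key is assumed to be supplied by the application for the logged-in user and never stored in the database.

```sql
-- Constructed schema; names are assumptions, not from the thread.
CREATE TABLE user_secret (
    user_id    INT UNSIGNED   NOT NULL,
    label      VARCHAR(64)    NOT NULL,   -- left in clear so rows stay searchable
    -- AES_ENCRYPT returns a binary string of 16 * (trunc(len / 16) + 1) bytes,
    -- so 256 bytes holds plaintexts of up to 255 bytes. A CHAR/VARCHAR column
    -- would be subject to character-set conversion and can corrupt ciphertext.
    secret_enc VARBINARY(256) NOT NULL,
    PRIMARY KEY (user_id, label)
);

-- Placeholder key material (constructed). In practice the application sets
-- this per connection from the user's login, it is not a literal in a script.
SET @user_key = 'constructed-key-material';

-- Encrypt on write.
INSERT INTO user_secret (user_id, label, secret_enc)
VALUES (42, 'account_no', AES_ENCRYPT('1234-5678-constructed', @user_key));

-- Decrypt on read. The result is binary, so cast it back to text.
SELECT label,
       CAST(AES_DECRYPT(secret_enc, @user_key) AS CHAR) AS secret
FROM   user_secret
WHERE  user_id = 42;

-- With the wrong key AES_DECRYPT normally returns NULL because the padding
-- check fails, but it can also return garbage. Treat it as confidentiality
-- only, not as proof that the key or the stored value is correct.
SELECT label,
       AES_DECRYPT(secret_enc, 'some-other-key') IS NULL AS rejected
FROM   user_secret
WHERE  user_id = 42;

-- The stored value is opaque bytes; HEX() makes it viewable in admin tools
-- such as phpMyAdmin without exposing the plaintext.
SELECT label, HEX(secret_enc) AS ciphertext_hex, LENGTH(secret_enc) AS bytes
FROM   user_secret
WHERE  user_id = 42;

-- WHERE, ORDER BY and indexes cannot use the plaintext of secret_enc:
-- any lookup on it must decrypt every candidate row first.
```

The key and the plaintext are sent to the server as part of the statement, so they cross the connection in clear unless it uses TLS, and they appear in any server log that records statement text.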