database encryption

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

database encryption

Post by yacahuma »

Hello,


I am creating an application that store sensitive data. Because of the type of application , I am actually saving the data in xml format. So for example I could have name, address, phone and social security.

Should I just encrypt the whole thing or just sensitive data. ?

In general , how taxing it the encryption and decryption process for the mysql database?

Thank you
User avatar
it2051229
Forum Contributor
Posts: 312
Joined: Tue Dec 25, 2007 8:34 pm

Re: database encryption

Post by it2051229 »

to me i just usually encrypt sensitive data(sensitive to me maybe isn't sensitive to you) since everytime I insert my sensitive data on my database I have to encrypt it and it will take process time(although its fast) and whenever I need it, I have to decrypt it which again takes processing time before it gets displayed. Now imagine if you're going to do this on all your data, it'll be quite inefficient.
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: database encryption

Post by yacahuma »

Thank you,


After reading a lot of security forums, I decided to encrypt the whole thing. Now all my data is AES encrypted and all my queries use prepared statements. Basically I said to myself,What if it was my data?
jason.carter
Forum Commoner
Posts: 35
Joined: Sat Jan 10, 2009 10:05 am

Re: database encryption

Post by jason.carter »

Also it might be useful to look at the built in MySQL function for
ENCODE(str,pass_str)
and
DECODE(crypt_str,pass_str)
Post Reply