Page 1 of 1

database encryption

Posted: Fri Jan 09, 2009 6:36 pm
by yacahuma
Hello,


I am creating an application that store sensitive data. Because of the type of application , I am actually saving the data in xml format. So for example I could have name, address, phone and social security.

Should I just encrypt the whole thing or just sensitive data. ?

In general , how taxing it the encryption and decryption process for the mysql database?

Thank you

Re: database encryption

Posted: Fri Jan 09, 2009 6:45 pm
by it2051229
to me i just usually encrypt sensitive data(sensitive to me maybe isn't sensitive to you) since everytime I insert my sensitive data on my database I have to encrypt it and it will take process time(although its fast) and whenever I need it, I have to decrypt it which again takes processing time before it gets displayed. Now imagine if you're going to do this on all your data, it'll be quite inefficient.

Re: database encryption

Posted: Sat Jan 10, 2009 6:43 am
by yacahuma
Thank you,


After reading a lot of security forums, I decided to encrypt the whole thing. Now all my data is AES encrypted and all my queries use prepared statements. Basically I said to myself,What if it was my data?

Re: database encryption

Posted: Sun Jan 11, 2009 3:33 pm
by jason.carter
Also it might be useful to look at the built in MySQL function for
ENCODE(str,pass_str)
and
DECODE(crypt_str,pass_str)