I have a database containing user data, including sensitive data. It is not as sensitive as financial data, but it is sensitive nonetheless. Account passwords are hashed and salted, but the rest can be encrypted without a hash to allow editing.
How far could you go in encrypting the fields? Could you encrypt everything, including common fields such as username, first name and last name, or only fields such as address and telephone number? The first name is often used after a user logs in.
Can someone suggest an algorithm (with sample code, if available) for encrypting fields? I use primarily PHP and MySQL.
You want to encrypt the database, but you can still access it using the application. This means that the application must have a way to decrypt the data. If an attacker has access to the database, it is likely that he will gain access to the application and figure out how to decrypt the database.
You can use transparent disk encryption. However, this only protects against physical access to the disk. This does not increase security if your server is kept somewhere secure.
I would not encrypt the fields at all, as this will be a royal pain in the back :-)
, (user user_sensitive) userID. - user , ( ) user_sensitive ).
user
user_sensitive
userID
( , MySQL), , .
, , , - DB2, . , , . , , . , .
, , . MySQL, .
Google " " - , - .
Of course, the password should not be stored in the clear in any table. Keys should be stored only for the session. Thus, the attacker does not have the means to decrypt the information if the database and/or application is compromised (forgetting for a moment the ability to change the application code and quietly collect keys).
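A sketch of the session-only key approach for the PHP/MySQL setup in the question, added here as an example and not part of the original answers: the field key is derived from the login password with libsodium (PHP 7.2+), kept only in the session, and each field is encrypted with an authenticated cipher and a fresh nonce. The function names, the `enc_salt` column and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Derive the per-user field key from the login password (Argon2id).
// $salt: random 16-byte value stored in the user row (hypothetical column
// `enc_salt`), separate from the salt inside the login password hash.
function deriveFieldKey(string $password, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $password,
        $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Encrypt one field. The column stores base64(nonce || ciphertext+MAC).
function encryptField(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Decrypt one field; fails loudly on a wrong key or a modified value.
function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed encrypted field');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key
    );
    if ($plain === false) {
        throw new RuntimeException('Wrong key or tampered field');
    }
    return $plain;
}

// Constructed demo values. In the application the key is derived once at
// login, placed in $_SESSION, and never written to any table.
$salt   = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$key    = deriveFieldKey('constructed-sample-password', $salt);
$stored = encryptField('+1 555 0100', $key);
var_dump(decryptField($stored, $key) === '+1 555 0100');
```

With this layout a password change means re-encrypting that user's fields under the new key, and any field the application needs before login, or that must be searched or indexed in MySQL, cannot be protected this way.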
Source: https://habr.com/ru/post/1753247/