Re: Re: Encrypt database table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




emil@xxxxxxxxxxxx wrote:
Hi,

What methods do you guys use to keep a mysql table encryped, or well atleast a major part of it. Security is very important and I want to use a public and private key. Is GPG the only safe way? It's hell of an overhead using GPG on every col, even a very short string is easily 1000 characters when encrypted in gpg.

Best Regards Emil

Personally my initial instinct is store everything on a secure non public facing database server and don't worry about encrypting the tables; if somebody can get in to your server and into the database then things need looked at higher up the access chain.


As you know everything is vulnerable and securing your systems is not by finding you gave the access or who's fault the breach is. As long as you take more measures then you get more secure. In addition to this the fact that for e.g. a user table has encrypted passwords means that if the database gets compromised then the passwords will not get accessed without brute force.

That is why encryption is needed and is mandatory in some cases.

If it's a staffing thing then that's what permissions are for; and if it's for storing things like credit card details; just don't - the major payment gateways will do this for you so all you need to store is the transaction id's and auth codes.

The major payment gateways probably use encryption as one measure of protection.


regards

nathan


--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux