emil@xxxxxxxxxxxx wrote:
Hi,
What methods do you guys use to keep a mysql table encryped, or well
atleast a major part of it. Security is very important and I want to
use a public and private key. Is GPG the only safe way? It's hell of
an overhead using GPG on every col, even a very short string is
easily 1000 characters when encrypted in gpg.
Best Regards Emil
Personally my initial instinct is store everything on a secure non
public facing database server and don't worry about encrypting the
tables; if somebody can get in to your server and into the database
then things need looked at higher up the access chain.
As you know everything is vulnerable and securing your systems is not by
finding you gave the access or who's fault the breach is. As long as you
take more measures then you get more secure. In addition to this the
fact that for e.g. a user table has encrypted passwords means that if
the database gets compromised then the passwords will not get accessed
without brute force.
That is why encryption is needed and is mandatory in some cases.
If it's a staffing thing then that's what permissions are for; and if
it's for storing things like credit card details; just don't - the
major payment gateways will do this for you so all you need to store
is the transaction id's and auth codes.
The major payment gateways probably use encryption as one measure of
protection.
regards
nathan
--
Thodoris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
