Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile the PHP
code so that the decoding keys are not as readily available, this would help
greatly.
Sounds like your major issue is server security here, and not data security?
Shouldn't you concentrate on keeping them out of the server in the first
place? If that's accomplished, and you don't have network ports open to the
MySQL server, and your scripts use encoding/decoding keys that are defined in
locations not available to HTTP, you should be in pretty good shape.
Just seems like you're trying to fight the wrong battle here. Although this
should be considered too. If you're only responsible for this second line of
defense, then I think this is about all you can do with the available
technology that you mention. I haven't researched this much though, so
perhaps someone else on the list can offer better suggestions.
-Micah
On Wednesday 13 July 2005 2:50 am, Jeffrey wrote:
> This is an issue I've been thinking about for an application we are
> developing.
>
> Is it worth encrypting data on the database tables when anyone who can
> access the application itself - or better still the server - could
> readily access the encrypted data? Assuming SSL connections, secure
> server, etc, would you also encrypt on the DB?
>
> Thanks,
>
> Jeffrey
>
> Micah Stevens wrote:
> >Oh! Also, there's built in mysql functions for encryption, I forgot about
> >that, so you can still search, like this:
> >
> >insert into table set name_field = AES_ENCRYPT('Some name', 'secret key');
> >select * from table where AES_DECRYPT(name_field,'secret key') LIKE
> > '%some';
> >
> >Make sense? You'll want an SSL connection to the database of course, and
> >anyone that has any decent access to the server memory would be able to
> > get the encryption key, but if you're careful it would work.
> >
> >-Micah
> >
> >On Tuesday 12 July 2005 2:53 pm, Micah Stevens wrote:
> >>Just do all your searching/sorting in PHP.. it would be slower, and if
> >> your dataset is very large (sounds like it might be the case) it would
> >> be impossible.. So that might be out of the question..
> >>
> >>A bit of system engineering might find a solution too, consider which
> >>fields you need to search/sort by, and by possibly limiting those
> >> somewhat to just what is absolutely necessary, you might be able to get
> >> by not encrypting those columns.
> >>
> >>Another idea would be to provide hinting columns, essentially providing
> >>just enough data in those columns to be able to sort with, but not enough
> >>to give away the data. i.e. just the first 2 characters of each name.
> >>
> >>This would allow you to search and get a smaller dataset from the
> >> database, something you could decrypt in php, and then search further,
> >> possibly making it manageable.
> >>
> >>Hope that helps,
> >>-Micah
> >>
> >>On Tuesday 12 July 2005 2:36 pm, Matt McNeil wrote:
> >>>Greetings,
> >>>I need to securely store lots of sensitive contact information and
> >>>notes in a (MySQL or other freely available) database that will be
> >>>stored on a database server which I do not have direct access to.
> >>>This database will be accessed by a PHP application that I am
> >>>developing. However, I also need to be able to search/sort these data
> >>>with the database functions (SELECT, ORDER BY, etc) so simple PASSWORD
> >>>style encryption of specific fields would not work. (For example, I
> >>>need to encrypt
> >>>contacts' names, but need to be able to sort results by name). (I
> >>>realize I could load the entire table into memory with PHP and
> >>>process/search/sort it there, but
> >>>that's obviously not a very good solution). Ideally I would like to
> >>>encrypt entire tables. An encrypted file system is not really an
> >>>option, because the goal is to prevent loss if the database server is
> >>>hacked (in addition, I wouldn't be able to install an encrypted file
> >>>system on the database server).
> >>>
> >>>My sense is that this is a difficult problem. However, I made the
> >>>mistake of promising this functionality,
> >>>so I'm scrambling to figure out some kind of solution. Any
> >>>suggestions?
> >>>
> >>>Thanks so much!
> >>>
> >>>Matt
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
