force — 2013-03-25T14:05:47-04:00 — #1
I was going to start working on a new project that includes storing some basic customer information, but would like to put some measures in place to increase security a little bit.
Would an appropriate approach be to use the MySQL functions AES_ENCRYPT() and AES_DECRYPT() for encrypting field data?
I realize there will be a performance hit when encrypting/decrypting, but if it causes a delay of couple seconds seconds, I would consider it reasonable.
If this is the appropriate approach, how would I then go about performing searches on those encrypted fields?
kylewolfe — 2013-03-25T15:20:16-04:00 — #2
May I ask what type of data we are discussing? Keep in mind that if I were clever enough to retrieve your data, I'm going to be clever enough to think to give AES_DECRYPT a try on it along with some others when it looks obscured, run salt with it, probably in this case both a static AND dynamic salt (stored on each record of the table)
force — 2013-03-25T16:40:25-04:00 — #3
Names and contact information.
Keep in mind that if I were clever enough to retrieve your data, I'm going to be clever enough to think to give AES_DECRYPT a try on it along with some others when it looks obscured, run salt with it, probably in this case both a static AND dynamic salt (stored on each record of the table)
True, but I wouldn't think it would be a completely fruitless exercise. It still would be another layer of security that would have to be broken.
Just because thieves can break into locked cars doesn't mean you should leave it unlocked.
kylewolfe — 2013-03-25T17:45:46-04:00 — #4
For this exercise, it's a little backward from password strengthening. You'll want your salting on the scripting side, stored on the filesystem, but I'd run a second salt on the db.
Keep in mind that any query you run against this will have to be run through the function you create to obscure it, and will throw any indexing you have out the window. I'd try to focus more on a security system / mechanisms to keep them out of your car rather than securing your glove box that you commonly need access to.
force — 2013-03-26T00:35:15-04:00 — #5
I take all the usual precautions with securing an application and database. I'm just wary of leaving all that data as viewable plain text in the database just in case someone happens to slip past the front gates.
wwb_99 — 2013-03-26T15:14:47-04:00 — #6
The big question here is key security -- if someone can slip past the front-end and get into the raw db they can probably get at your key as well if it is handy enough to be decrypting data on the fly.
force — 2013-03-26T20:13:09-04:00 — #7
Besides denying access with htaccess and placing it outside of the web directory, what else can you do with the key?
wwb_99 — 2013-03-29T14:49:42-04:00 — #8
Good question -- that is a bit beyond my linux chops. I'd look for a secure storage mechanisim like keychain, I suspect something exists. If the key is a file on disk then it is easily compromisable if the box is compromised.