-
Database Encryption
Hey guys, I run www.pureescape.net and I was just wanting to know if any of you are experienced with securing databases. I use MySQL, and I've got the user accounts secured, but there is an ache in my stomach when I consider that lots of data in the database is plain text. Not just my data, but the data of others.
My setup is secure, I'm just trying to prepare for worst case scenarios (network/physical attacks on the system).
I usually use PHP for my web applications. What I'd like to know is how I can implement encryption/decryption on the fly, so that data is encrypted before entering the database, and is decrypted after the SQL query (before it's presented in clear text again to the user).
Any info (links, tutorials, code) on these techniques would be great. Also, the site ( www.pureescape.net ) is always interested in getting new members for its discussion forums. Stop by, you'll probably meet someone you know from AO. Peace!
Thanks in response for help.
--PuRe
-
PuRe, as long as you configured MySQL with SSL you should be able to make use of the AES and other encryption functions.
http://www.mysql.com/doc/en/Encryption_functions.html
-Maestr0
-
Thanks for the link, it was useful. I'm wondering how much performance overhead is gonna be created by encrypting and decrypting everything.
--PuRe
-
Encrypt only partial fields of the database, that way you can save on the performance overload...
Other thing is proper database designing... Like what SAP follows, it stores data in over 2500 tables... Hence even if you get access to one of the databases you cannot make any sense out of the data residing in that database.
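
Added example (not part of any post in this thread): the "encrypt before the INSERT, decrypt after the SELECT" flow asked about in the first post, applied to a single sensitive column as the last reply suggests, done in PHP so the key and the plaintext never reach the database server. The table and column names, the `FIELD_KEY_B64` environment variable and the helper names are assumptions, and an in-memory SQLite database stands in for the MySQL connection so the script runs offline.

```php
<?php
// Assumptions: PHP 7.1+ with the openssl and pdo_sqlite extensions; table, column,
// helper names and FIELD_KEY_B64 are hypothetical, the sample row is constructed.
const CIPHER = 'aes-256-gcm';

function encrypt_field(string $plain, string $key, string $aad): string {
    $iv = random_bytes(12);                      // fresh nonce for every stored value
    $tag = '';
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);      // nonce and tag travel with the ciphertext
}

function decrypt_field(string $stored, string $key, string $aad): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag minimum
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16), $aad);
    if ($pt === false) {                         // wrong key, tampering, or value moved to another row
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// The key is loaded from outside the database; the fallback is a throwaway demo key.
$b64 = getenv('FIELD_KEY_B64');
$key = $b64 !== false ? base64_decode($b64, true) : random_bytes(32);
if (!is_string($key) || strlen($key) !== 32) {
    throw new RuntimeException('FIELD_KEY_B64 must decode to 32 bytes');
}

// SQLite in memory stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email_enc TEXT)');

// Only the sensitive column is encrypted; username stays in plain text and searchable.
$ins = $db->prepare('INSERT INTO members (id, username, email_enc) VALUES (?, ?, ?)');
$ins->execute([1, 'alice', encrypt_field('alice@example.test', $key, 'members.email:1')]);

$row = $db->query('SELECT id, username, email_enc FROM members WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo $row['username'], ' => ', decrypt_field($row['email_enc'], $key, 'members.email:' . $row['id']), "\n";
```

Binding the row id into the authenticated data means a ciphertext copied into another row fails to decrypt; encrypted columns can no longer be searched or indexed by value, which is another reason to limit encryption to the fields that need it.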