[nycphp-talk] Secure Data
Rudy Gamberini
rudy at taytek.com
Thu Jul 17 11:17:12 EDT 2003
I need to collect sensitive information on one of my web pages. I have
established a secure session https:// utilizing my hosting service's
certificate. Now that the session is secure I need to be sure the collected
data is secure. While I could encrypt the data before storing it in the
MySQL database, I need to be able to decrypt it eventually to process the
orders. I've used MD5 hash function to encrypt passwords I store in cookies
but that approach would not work here. I need to hold the key locally,
meaning on a machine outside the web-server that will be able to decrypt the
information after retrieving it.
I like the idea that the database only stores encrypted data that way should
the database be compromised the information stored there will be of little
value.
I am very unsure about any security techniques that work best in this
situation and just pointing me in the right directions would be greatly
appreciated.
Thanks,
Rudy
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 7/10/03
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030717/9d1601f1/attachment.html>
More information about the talk
mailing list