NYCPHP Meetup

NYPHP.org

[nycphp-talk] Secure Data

Rudy Gamberini rudy at taytek.com
Thu Jul 17 11:17:12 EDT 2003


I need to collect sensitive information on one of my web pages.  I have
established a secure session https:// utilizing my hosting service's
certificate.  Now that the session is secure I need to be sure the collected
data is secure.  While I could encrypt the data before storing it in the
MySQL database, I need to be able to decrypt it eventually to process the
orders.  I've used MD5 hash function to encrypt passwords I store in cookies
but that approach would not work here.  I need to hold the key locally,
meaning on a machine outside the web-server that will be able to decrypt the
information after retrieving it.

I like the idea that the database only stores encrypted data that way should
the database be compromised the information stored there will be of little
value.

I am very unsure about any security techniques that work best in this
situation and just pointing me in the right directions would be greatly
appreciated.

Thanks,
Rudy

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 7/10/03
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030717/9d1601f1/attachment.html>


More information about the talk mailing list