[nycphp-talk] Data encryption on ISP server
Hans Zaunere
lists at zaunere.com
Fri Jun 24 17:49:21 EDT 2005
> I have an encryption strategy question and was wondering if anyone can
> help.
>
> There is data that I'm storing on an ISP's server that I would like to
> encrypt. This data can be accessed through the hosted website via 128-bit
> SSL that is username and password protected. Therefore, the data and
> the password to access the data are all encrypted using a pass-phrase
> and AES through PHP. However, my concern is where and how do I
> store this all-important pass-phrase since it is the key that opens all
> doors. My ISP does not allow the webserver process to access any
> directory outside of the www root directory so my pass-phrase needs to
> be either stored within www root (plus sub directories) or in the
> database. If either of those places is considered secure, I would not
> need to use encryption in the first place.
>
> My logic must be flawed as I'm certainly not the first to deal with
> encrypting sensitive information. Where am I not thinking correctly
> other than behind my desk? Thanks to all in advance.

I can't figure out any better logic that's realistic either. Storing the pass phrase is always the conundrum of encryption. For very secure stuff, you'd get much higher security and flexibility with a dedicated server, if possible.

H