[nycphp-talk] Data encryption on ISP server
Frank Wong
frank_wong2 at informationideas.com
Tue Jun 28 09:51:19 EDT 2005
Thanks to all for your input on this topic. I guess the consensus is to
use a dedicated server to properly secure the data. One thing that I'm
not clear about is specifically how does a dedicated server provide more
security? My first instinct is that I can write a compiled object such
as a DLL to handle the encryption/decryption. Then I could have the
pass-phrase broken up into multiple pieces stored in different locations
(maybe files outside of the web tree and databases) where only the DLL
has the instructions to reconstruct the pass-phrase. The pass-phrase
would also include something that is unique to the server like the MAC
ADDRESS so if everything is installed on another computer without
recompiling the DLL, the encryption/decryption would fail. This would
allow the following scenarios of security.
1) Compromised database - data is encrypted
2) Compromised file system and database - no code with decryption info
in files and data is encrypted
3) Compromised file system (including DLL) and database - cannot read
compiled DLL, no code with decryption info in files, and data is encrypted
Is this kind of what you have in mind while stating that dedicated
servers can be secure enough for sensitive data? Thanks.
_________________
Frank
More information about the talk
mailing list