[nycphp-talk] Encrypt and decrypt to store in DB
Dan Cech
dcech at phpwerx.net
Fri Aug 4 12:31:14 EDT 2006
Mitch Pirtle wrote:
> I'd like to back this question up to the very beginning, and ask a
> more fundamental question that's been nagging at me for several
> days...
>
> So a client comes up to you with an intent to require encrypted data
> in the database. This of course requires two-way encryption, which
> unfortunately means you gotta store the keys on the webserver to
> decrypt the data.
>
> So what additional security does this actually accomplish, and is
> there a better approach?
That is pretty much the problem in a nutshell. Any kind of 2-way
encryption on a single server is going to require that the key be
present on the system and therefore vulnerable to attack.
I wish I had a silver bullet answer to this problem, but at this point
the only advice I can give is that in this situation the security of the
data is only as good as the security of your system and application,
regardless of whether it is encrypted on disk or not.
Dan
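As an added illustration of the point Dan makes (this is example code written for this page, not code from the thread or from any nycphp project), here is a minimal PHP encrypt/decrypt pair for a database column using libsodium's secretbox. Read `decryptField()`: it needs exactly the same key `encryptField()` used, so that key has to be readable by the web application, and anyone who can read it as the web server user can decrypt the column. What the scheme does buy you is separation of the key from the data: a database dump or backup on its own reveals only nonces and ciphertext. The key path is an assumed, hypothetical location outside the web root; the sodium extension (bundled since PHP 7.2) is assumed to be loaded.

```php
<?php
// Added example, not from the original thread: symmetric encryption of a
// database field with libsodium secretbox (XSalsa20-Poly1305, authenticated).
declare(strict_types=1);

// Assumed key location: a file outside the web root, readable only by the
// web server user. It must never live in the same database as the ciphertext.
const KEY_FILE = '/etc/myapp/db-field.key';   // hypothetical path

// One-time key generation, run once from a deployment script, not on request:
//   file_put_contents(KEY_FILE, sodium_crypto_secretbox_keygen());
//   chmod(KEY_FILE, 0600);

function loadKey(string $path = KEY_FILE): string
{
    $key = @file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('field key missing or wrong length');
    }
    return $key;
}

function encryptField(string $plaintext, string $key): string
{
    // Fresh random nonce per value; it is stored in front of the ciphertext.
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // base64 so the value fits a VARCHAR/TEXT column.
    return base64_encode($nonce . $cipher);
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // The same key that encrypted the row is required here: this is the
    // unavoidable "key on the web server" that the thread is about.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        // MAC check failed: tampered row, truncated value, or wrong key.
        throw new RuntimeException('decryption failed (tampered or wrong key)');
    }
    return $plain;
}

// Usage with a constructed in-memory key so the script runs without the key
// file; in the application you would call loadKey() instead.
$key    = sodium_crypto_secretbox_keygen();
$stored = encryptField('ACCT-0001234 (constructed sample)', $key); // DB column value
echo decryptField($stored, $key), PHP_EOL;
sodium_memzero($key);
```

The authenticated construction means a modified or truncated column value fails closed rather than decrypting to garbage, and keeping the key file at mode 0600 for the web server user only is the practical limit of what the single-server setup can offer, which is the point of Dan's reply.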