[nycphp-talk] Secure Data
Jon Baer
jonbaer at jonbaer.net
Thu Jul 17 18:13:40 EDT 2003
try to stunnel the entire connection ...
http://www.stunnel.org/examples/mysql.html
- jon
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
----- Original Message -----
From: Rudy Gamberini
To: talk at lists.nyphp.org
Sent: Thursday, July 17, 2003 8:17 AM
Subject: [nycphp-talk] Secure Data
I need to collect sensitive information on one of my web pages. I have established a secure session https:// utilizing my hosting service's certificate. Now that the session is secure I need to be sure the collected data is secure. While I could encrypt the data before storing it in the MySQL database, I need to be able to decrypt it eventually to process the orders. I've used MD5 hash function to encrypt passwords I store in cookies but that approach would not work here. I need to hold the key locally, meaning on a machine outside the web-server that will be able to decrypt the information after retrieving it.
I like the idea that the database only stores encrypted data that way should the database be compromised the information stored there will be of little value.
I am very unsure about any security techniques that work best in this situation and just pointing me in the right directions would be greatly appreciated.
Thanks,
Rudy
------------------------------------------------------------------------------
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20030717/7153726a/attachment.html>
More information about the talk
mailing list