[nycphp-talk] Data encryption on ISP server
Frank Wong
frank_wong2 at informationideas.com
Fri Jun 24 17:42:56 EDT 2005
I have an encryption strategy question and was wondering if anyone can
help.
There is data that I'm storing on an ISPs server that I would like to
encrypt. This data can be access through the hosted website via 128bit
SSL that is username and password protected. Therefore, the data and
the password to access the data are all encrypted using a pass-phrase
and AES through php. However, my concern is that where and how do I
store this all important pass-phrase since it is the key that opens all
doors. My ISP does not allow the webserver process to access any
directory outside of the www root directory so my pass-phrase needs to
be either stored within www root (plus sub directories) or in the
database. If either of those places are considers secure, I would not
need to use encryption in the first place.
My logic must be flawed as I'm certainly not the first to deal with
encrypting sensitive information. Where am I not thinking correctly
other than behind my desk? Thanks to all in advance.
__________________
Frank
More information about the talk
mailing list