[nycphp-talk] Encrypt and decrypt to store in DB
Kenneth Downs
ken at secdat.com
Fri Aug 4 14:00:56 EDT 2006
Dan Cech wrote:
>That is pretty much the problem in a nutshell. Any kind of 2-way
>encryption on a single server is going to require that the key be
>present on the system and therefore vulnerable to attack.
>
>I wish I had a silver bullet answer to this problem, but at this point
>the only advice I can give is that in this situation the security of the
>data is only as good as the security of your system and application,
>regardless of whether it is encrypted on disk or not.
>
>
>
I haven't seen the point of basic server security brought up in this
thread, so forgive me if I am repeating this, but security in a server
ultimately rests on the use of a server's ability to grant various
permissions to various users.
Many applications are written to connect to a database as a superuser
and then implement security in the PHP layer. If this is the case, this
is a far more serious security problem. If regular user accounts are
used and assigned various permissions, then you have the strength of the
db server security protecting the data.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ken.vcf
Type: text/x-vcard
Size: 186 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20060804/063d8952/attachment.vcf>
More information about the talk
mailing list