[nycphp-talk] Website Data Encryption tools
Daniel Convissor
danielc at analysisandsolutions.com
Sun Apr 6 13:38:35 EDT 2008
Hi Joe:

> I'm looking to protect data/information that could be the software code
> and/or customer's client info.. Protection should be from anyone who does
> not need to have access to the website data or the DB.

This is done by protecting access to the servers.

Encrypting the information is pointless because the data needs to be
decrypted in order to be served to the viewers.

So, for example, you're talking about using TrueCrypt. While that's a
great tool, it doesn't accomplish anything for your purposes, because the
volume will have to be mounted (decrypted) in order to serve it. Once
the volume is mounted, anyone with access to the server can read it.

If you're thinking of dynamically decrypting scripts, data, etc, on the
fly, you'll need to have the keys and passwords stored on the server.
Therefore anyone can use those to decrypt the stuff too.

It all comes down to server security. This includes things like using
encrypted means to access the machine and move files to/from it (SSH,
SFTP, etc), keeping the software up to date, running firewalls, etc.

--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
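
Added example, not part of the original post: since a key or password stored on the server is only as protected as the file that holds it, this Python check reports which accounts besides the owner can read or replace such a file. The file name `app.key`, the function names and the sample contents are assumptions constructed for the demonstration; only classic POSIX mode bits are examined.

```python
import os
import stat
import tempfile

def audit_secret_file(path):
    """List ways accounts other than the owner can reach a key/password file.

    Looks at classic POSIX mode bits only; ACLs, sudo rules and root are
    outside what this check sees.
    """
    path = os.path.realpath(path)
    mode = os.stat(path).st_mode
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner")
    # A writable parent directory lets another account swap the file out,
    # unless the sticky bit restricts renames and deletes to the owner.
    parent_mode = os.stat(os.path.dirname(path)).st_mode
    if parent_mode & stat.S_IWOTH and not parent_mode & stat.S_ISVTX:
        findings.append("parent directory world-writable")
    return findings

def demo():
    """Build a constructed key file and audit it before and after tightening."""
    workdir = tempfile.mkdtemp()  # created with mode 0700
    key_path = os.path.join(workdir, "app.key")  # hypothetical file name
    with open(key_path, "w") as fh:
        fh.write("constructed-sample-key\n")
    os.chmod(key_path, 0o644)  # typical default after an upload
    before = audit_secret_file(key_path)
    os.chmod(key_path, 0o600)  # owner-only
    after = audit_secret_file(key_path)
    os.remove(key_path)
    os.rmdir(workdir)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("0644:", before)
    print("0600:", after)
```

An empty result means only the owning account (and root) can read the file through mode bits, so the remaining exposure is whoever can log in as or run code as that account.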