[nycphp-talk] Website Data Encryption tools
Tim Lieberman
tim_lists at o2group.com
Sun Apr 6 20:41:31 EDT 2008
Sure, as I mentioned in part of my last email, in some (few) cases this
is fine.
That case is this:
- I Have a bunch of secret data, in a file called "secrets.zip".
- I encrypt that data with some strong encryption mechanism.
- I post that file on http://www.example.com/secrets.zip.gpg -- it
is world readable.
- I meet you in a dark alley, we exchange a secret handshake and
password. I hand you a thumb drive with the encryption key for the
data. (repeat for each person i want to give the key to)
- You go download the data and decrypt it.
This is only marginally better than me giving you the data itself on the
thumb drive, as it saves me future trips to the scary alley.
If we use public-key cryptography, we can do away with the meeting in
the alley, though then I'd have to make a version of the encrypted file
for each recipient.
Firewalls are always going to be a fact of life, though they aren't
really necessary in any way relevant to the above scenario. Well, at
least for the server that's serving the files.. Of course, if your
machine where you're doing the decrypting is compromised, then the
hacker gets your key. Then they can go download the data from anywhere
and decrypt at will.
At the end of the day, encrypted data is useless unless at some point it
gets decrypted. Any machine that will do the decryption (and therefore,
even momentarily, hold a copy of the key and/or the unencrypted data)
needs to be suitably secured.
A machine that's *only* purpose is to hold the data in encrypted form
you could probably care less about. Unless it's the ONLY place where
the data is stored, in which case a malicious individual could destroy
your data, even if they can't steal it.
-Tim
Joe Leo wrote:
> Here's another thought I wonder about encryption technology. Could one
> day encryption technology replace the need for firewalls - either
> partially or all together. Forget about those security policies, is my
> firewall configured right, applying security patches & hardening the
> OS, etc... If one can just encrypt there entire drive or the data
> needed to be protected by encryption - Why need a fw if the data is
> garbled and useless to those who can't decrypt it. Of course fw plays
> other roles but from a pure "protect my data from the unwanted" to me
> encryption may solve that. Just a thought!
>
> Joe
>
> On Sun, Apr 6, 2008 at 7:12 PM, Joe Leo <joeleo724 at gmail.com
> <mailto:joeleo724 at gmail.com>> wrote:
>
> Wow, I really appreciate the feedback and some of the many
> comments i am getting to my original question. I ask my original
> question not so much I have some secrecy of any kind of
> application. As I mentioned, I'm not much of a programmer in
> practice. I'm just getting interest in the encryption technology
> as a whole and since I have not really used any of them I wanted
> to get an idea how effective they are.
>
> Now the feedback with the questions and comments I am getting are
> good, in that, they make me think why would I use it and to
> achieve what purpose. What I've been hoping to gain from asking my
> question is then why & when to use such encryption tool -
> especially, when hosting your data remotely by a hosting provider.
>
> My thought is if encryption techniques like TrueCrypt works - Why
> not use it regardless who is your hosting provider. Or, having to
> consider questions like who you trying to protect data from. I
> mean, when you buy a nice bran new expensive car you have a key to
> lock the doors and some go further to put in a car alarm or car
> tracking device. Who you're trying to prevent from stealing your
> car is no brainer question to consider - IMO. One knows that
> locking the door and/or having a car alarm is a deterrent - Though
> not 100% guaranteed. Maybe my example is not the best but just
> trying to raise a point.
>
> In my question to deploy some encryption on my data would (help)
> minimize people stealing private data - Why not use it, especially
> if there's not much performance penalty.
>
> David, regarding you comments below:
>
> So are you worried about encryption during uploading or about
> encryption while executing the scripts on the server and
> serving up content - or both? What other security measures did
> you include?
>
>
> You've hit the right questions I am looking to understand. The
> answer is both. From what I understand about a tool like TrueCrypt
> I can encrypt say my webfolder (web site) and upload it to my
> hosting provider. And, what I am trying to understand is can the
> encrypted data remain encrypted and still serve content. Or, once
> I upload the encrypted data must I need to decrypt it to serve the
> content? I am not concern about data being encrypted out to the
> users browser. SSL takes care of that - right? So, if it is that I
> can encrypt and it remains encrypt while serving content then this
> is not a bad solution. And, of course one can take other measures
> like ssh to the server to actually keep access to it secure.
>
> joe
>
>
>
>
>
>
>
>
>
>
>
> On Sun, Apr 6, 2008 at 5:09 PM, David Krings <ramons at gmx.net
> <mailto:ramons at gmx.net>> wrote:
>
> Joe Leo wrote:
>
> Well, you could wrap everything into PHP and use one of
> these PHP
> obfuscators.
>
> Well, I am not much of a php/programmer and don't know how
> and what it means to "wrap everything into php".
>
>
> I mean that you need to use PHP to output static page content
> if you want to encode / obfuscate everything.
>
>
> Still, I wonder why you want to do that? Do you
> distrust your
> hosting company that much? In that case I'd look for a
> different
> provider.
>
>
> Well, I am just looking into a solutions to encrypt data.
> The question as to why I would want to do that is not the
> question - But, thanks for asking.
>
>
> Well, the reason for me asking is that there may be a better
> approach than taking the big hammer. I speak from experience
> as I often use(d) the big hammer and everything was a nail.
>
>
>
> What are you trying to protect and who are you
> protecting it against?
>
> I'm looking to protect data/information that could be the
> software code and/or customer's client info.. Protection
> should be from anyone who does not need to have access to
> the website data or the DB... Of course, data will be
> shown to users (web client) who has been given access to
> view this data from the application.
>
>
> So who is your hoster? Every thought about self-hosting or
> having the customer run the server? Any chance that this might
> work via intranet rather than internet, because then you
> probably want to add SSL to the pages. I do not know if that
> is difficult to do. But keep in mind, anything that is
> accessible via internet is not what I'd consider entirely secure.
> I don't see why you need to protect the software code. PHP is
> server side only and the client doesn't see anything from your
> PHP code.
> And yes, it is assumed that legitimate users are allowed to
> see information, otherwise the whole setup would be quite
> pointless.
>
>
> What I am interested in is to find the most effective and
> most secure way to upload my website & db to remote host
> and the data is fully protected by encryption.
>
>
> As mentioned above, hosting something offsite and have it be
> available through the internet is IMHO not secure. Taking
> stuff can be made more difficult, but most secure....well, I
> leave that up to the experts, but I have my doubts - see
> Hannaford, TJX, etc.
>
>
> I will look into the ionCube suggested earlier - Though
> this seems to be a PHP only base solution. From what I
> gather, a product like TrueCrypt could be better as I can
> encrypt an entire volume or folder and it's done -
> Regardless of type of code or application that exist or
> being encrypted.
>
>
> Again, comes down to the hosting service that you have. Do you
> have that much access and rights to the server that you can
> just go ahead and run services that encrypt and decrypt entire
> folders?
>
>
>
> I know many software type companies package there software
> where either partially or fully the code is encrypted and
> protected. This is the similar type of solution I guess I
> am looking for.
>
>
> Nah, most companies distribute binaries that make it difficult
> enough for people like me to re-engineer the code. But look at
> the open source security applications. Their code is freely
> available. Security through obscurity is one of the worst
> approaches.
>
> I don't want to rain on your parade, but taking into account
> that you are "not much of a php/programmer" you may want to
> take a step back and think this over if that application is
> indeed that critical and demands such secrecy that code and
> database have to be encrypted. I play around with PHP for
> about five years now and I don't think that I'd be capable of
> writing a secure application. I'm not saying that you are not
> capable of that, but I have the impression that you think
> slapping some encryption onto something makes it secure.
> I am also wondering a bit about your statement that you want
> "to find the most effective and most secure way to upload my
> website & db to remote host". So are you worried about
> encryption during uploading or about encryption while
> executing the scripts on the server and serving up content -
> or both? What other security measures did you include?
> Kaptchas? Multiple time-limited passwords? Multiple access
> levels? Effective session management to kick people out of the
> system after a few minutes of inactivity? Or even other means
> such as biometrics as identification? Your own certificate?
> Also, does it have to be a web client? I'd guess there are way
> more and way better means to encrypt data when working with
> fat clients. Also, which database engine do you plan to use?
> Does that database engine have means to encrypt entire tables
> or data sets?
> And what do you do for client security? There is not much
> gained when your server is like Fort Knox, but the users can
> access the application from any client on any network and then
> do so from theit favourite internet cafe, leaving the PC
> unattended while getting another beer. So you want to at least
> restrict the IP address (ranges) that are allowed to get even
> to the login page.
>
> Sorry for asking that many questions, but I think those and
> many more questions need to be asked and sufficiently answered.
>
> David
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
More information about the talk
mailing list