Re: Data encryption before storage
From: Georg Gell (security_at_1-stop-solutions.at)
Date: 07/04/03
- Previous message: Tim Greer: "Re: Ten least secure programs"
- In reply to: Chris Lloyd: "Data encryption before storage"
Date: Fri, 04 Jul 2003 23:09:17 +0200
To: Chris Lloyd <chris@klearmedia.com>
Hi Chris,
It depends where you want to decrypt the data.
The problem with PHP is that nearly everybody can read the passwords stored in the PHP file.
To be safe you must use a public/private key infrastructure. Then your public key is saved on the server and with it your data is encrypted.
The safest way to decrypt the data is to download it encrypted and to decrypt it locally with your private key.
If you need to decrypt it on the server you can upload your private key for each transaction with a form.
But it is not really safe because then your private key will be visible in /tmp for some time.
Georg
Chris Lloyd wrote:
>Hello Gurus
>
>I was wondering if maybe someone could help me out with this issue.
>
>I am using php, ssl, and mysql. I need to be able to collect info from a
>form on https and encrypt the data before storing into mysql. I also need
>to be able to decrypt the data when we remove the data from mysql. I know
>there are plenty of ways to do this, but I'm not sure of the best, most
>secure way. We are on a shared server at host rocket, so I'm sure that doesn't
>help. But there must be a solution to get "safe" 2 way
>encryption/decryption using the php, ssl, mysql.
>
>
>I would greatly appreciate any input, pointers, suggestions.
>
>Chris
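The scheme described in the reply above (public key on the server, private key kept off it, decryption done locally), as an added example that is not part of the original thread. It uses libsodium sealed boxes from PHP's sodium extension (PHP 7.2 or later), which is a choice made for this example and is not named in the thread; the function names `encrypt_for_storage` and `decrypt_locally` and the sample form value are hypothetical.

```php
<?php
// Added example, not code from the thread. Requires ext-sodium (PHP >= 7.2).

// --- Offline, on your own machine: generate the keypair once. ---
$keypair   = sodium_crypto_box_keypair();            // contains the secret key; never upload
$publicKey = sodium_crypto_box_publickey($keypair);  // the only key material the server gets

// --- On the shared web server: only $publicKey is present. ---
function encrypt_for_storage(string $plaintext, string $publicKey): string
{
    // Sealed box: an ephemeral sender key is used, so the server cannot
    // decrypt what it has just written, even if its PHP files are readable.
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

// --- Back on your own machine, after downloading the encrypted rows. ---
function decrypt_locally(string $stored, string $keypair): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $plain = sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        // Wrong keypair, or the ciphertext was modified in the database.
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample input standing in for an HTTPS form field.
$formField = 'constructed sample form value';
$stored    = encrypt_for_storage($formField, $publicKey); // goes into a TEXT/BLOB column

echo 'round trip ok: ';
var_dump(decrypt_locally($stored, $keypair) === $formField);

// A modified ciphertext is rejected instead of yielding garbage plaintext.
$tampered     = base64_decode($stored);
$tampered[40] = chr(ord($tampered[40]) ^ 1);
try {
    decrypt_locally(base64_encode($tampered), $keypair);
} catch (RuntimeException $e) {
    echo 'tampered value rejected: ', $e->getMessage(), "\n";
}
```

In a real deployment the keypair generation and `decrypt_locally` run only on the machine that holds the private key; the web server ships with the public key and `encrypt_for_storage` alone.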