How to protect sensitive data in MySQL?_问答_开发者

开发者 https://www.devze.com 2023-02-23 13:58 出处：网络

i have searched couple of times but came up with nothing more than unclear answers on this matter. Im developing a Web app which stores sensi开发者_运维知识库tive information (mid sized texts), and

相关专题：

i have searched couple of times but came up with nothing more than unclear answers on this matter.

Im developing a Web app which stores sensi开发者_运维知识库tive information (mid sized texts), and the website itself is hosted on a secure web hosting provider. But im wondering, what is the best way to store those sensitive pieces of text in MySQL without worrying about unwanted access to database (like from phpMyAdmin) and still being able to perform actions on those information on behalf of the user himself (like generating charts and creating pdfs).

Thanks and sorry for my English.

If you don't control your servers, you have no security at all.

Control your servers.
Use the mysql security model to limit who can look at the data with phpmyadmin or whatnot.

If that's not good enough, you could think about encryption. However, you'd got to store the keys someplace, and now you are back where you started with mysql passwords.

One option is to use MySQL's built in encryption, see Encryption and Compression Functions. The other major option is to use binary fields and do the encryption in your application, with AES for instance.

If you store the key on the server then anyone with access to the server and the database can decrypt the data. If that's a concern too then you'll need to consider how to get the key from the user. That can be difficult to do in a way that's both secure and convenient.

There is a system named Cryptdb designed by MIT. Cryptdb can encrypts data based on data owner password and nobody even administrators couldn't access the real data. The team says that overhead for phpBB is 14%!

You can encrypt the database fields using mysql encode/decode

You should lock down your MySQL user accounts. Consider limiting what your webapp itself can do. Only give it the minimum necessary permissions on your database, and consider creating stored procedures to further ensure that it can only access what it requires and nothing else.

If you don't trust your hosting provider, then you need to move at least the database to somewhere that you can trust. This further means you need ensure that your connection to your database is secured (SSL).

You should be encrypting your data. Don't be tempted to do your own encryption, as @WhiteFang34 says, use the built in encryption.