#1
Encrypting database in Linux
Hello:
I have a MySQL database on a web server which contains sensitive information. What is the most secure way of maintaining the data secure? Function calls such as Passwd and the MD5 using PHP do require to pass keys. So once the intruder has access to scripts, he would know the keys. Is there an elegant method of achieving this? Is there source code available for Public-Private Key encryption-decryption available in public domain? Can you please point to a site?

Thanks,
#2
"gpg" is available in source code and should have come with your distro. But i would not implement my own. I would use gpg or pgp if it is installed.
But then, thinking about it - the decryption (private) key has to rest on the server, so the whole system of public key cryptography is only slightly more secure than using "normal" XOR or similar... Sorry, there is no way to really securely encrypt your data there if you do need automated access to it...

... conclusion: don't store sensitive information in a database

In case you are still interested in code examples, here is a page that contains JavaScript implementations of SHA1, MD5 and RSA: http://pajhome.org.uk/crypt/rsa/index.html It should be possible to port it to PHP in a few minutes...

Wondering... Wasn't there a mcrypt library in PHP that implements exactly this? I am too lazy to look it up right now...
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
#3
md5 in PHP doesn't require keys. It just md5 encodes the string passed to it.

In some situations you can just re-encode passwords, card numbers etc. provided to see if the md5 hashes match.

However, M Hirsch is right. If you don't want to endanger sensitive data, don't put it on a web-connected db.

christo
#4
At one stage I was playing with the idea of storing CC numbers in a DB. The solution was using GPG. The one way I thought of making it secure was to have an external server (in this case in the office) link into the MySQL DB and read the encrypted data and then decrypt it and pass it to the workstation in the office which is a secured network. That way the webserver only has the public key and the private key is on another server behind a firewall. The details are only available in the office too, so people cannot access them outside for malicious intent. The page was also going to be locked so that only certain users can access it.

We have now gone with automatic CC processing now though,
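
The split described in post #4 (the web server holds only the public key, a separate office machine holds the private key), sketched with gpg as an added example that is not part of the original thread. Two temporary GnuPG home directories stand in for the two machines; the key identity and the sample card number are constructed.

```sh
#!/bin/sh
# Added example, constructed: two GnuPG home directories stand in for the two
# machines in post #4. KEY_UID and the sample data are made up.
set -eu

OFFICE_HOME=$(mktemp -d)   # office server behind the firewall: holds the private key
WEB_HOME=$(mktemp -d)      # web server: receives the public key only
KEY_UID='cc-vault@example.invalid'

cleanup() {
  for h in "$OFFICE_HOME" "$WEB_HOME"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}
trap cleanup EXIT

# Office side: generate the key pair. The empty passphrase keeps the demo
# non-interactive; a real decryption key should be passphrase-protected.
gpg --homedir "$OFFICE_HOME" --batch --quiet --pinentry-mode loopback \
    --passphrase '' --quick-generate-key "$KEY_UID" default default never

# Only the public half is copied to the web server.
gpg --homedir "$OFFICE_HOME" --batch --armor --export "$KEY_UID" |
  gpg --homedir "$WEB_HOME" --batch --quiet --import

# Web side: encrypt value $1 before it is written to the database.
# Prints ASCII-armoured ciphertext suitable for a TEXT column.
web_encrypt() {
  # --trust-model always: the key was installed by the admin, not via the web of trust
  printf '%s' "$1" | gpg --homedir "$WEB_HOME" --batch --quiet --armor \
      --trust-model always --encrypt --recipient "$KEY_UID"
}

# Try to decrypt ciphertext $2 using the keyring in directory $1.
decrypt_with() {
  printf '%s\n' "$2" | gpg --homedir "$1" --batch --quiet \
      --pinentry-mode loopback --passphrase '' --decrypt 2>/dev/null
}

row=$(web_encrypt '4111111111111111')   # constructed test number, as stored in the DB
if decrypt_with "$WEB_HOME" "$row" >/dev/null; then
  echo 'web server decrypted the row (unexpected)'
else
  echo 'web server: no private key, cannot decrypt'
fi
echo "office server recovers: $(decrypt_with "$OFFICE_HOME" "$row")"
```

A copy of the database plus the web server's scripts and keyring yields only ciphertext; the data is still exposed at the moment it is submitted, before encryption, on a compromised web server.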