#1
Hi Folks,
I run a php/mysql site on a virtual server. I store some user info in my mysql database. I'd like to protect my users' details from my host, is this possible? I'm guessing not, since I don't have root mysql access, and my db username and password are lying about in all my scripts. However, it would be great if there was something I could do. Any ideas, anyone?
#2
I don't have the specifics for you, but it should be possible to encrypt the data, and have the decryption key be entered from an HTML form to view or enter data. Bear in mind that to be truly secure, the form should be accessed from https:// (secure server), but at least this will keep those with direct access to your database from browsing the tables.
#3
Hi,
Thanks for replying. I don't think I need an SSL connection, because all the user enters is an email address, however I would hate for anyone to walk off with the email addresses I have of all my subscribers. Because I want anyone and everyone to be able to add to the database and some cron jobs to deal with the data, I don't think I'll be able to use encryption of the data to provide any real level of security. I guess I was hoping for some sort of MySQL protection I could set on the tables to deny root access. But I guess root could always change that anyway... I'm guessing it comes down to trust. And I *do* trust my host. However, I don't think that would be enough to get any independent "Your data is safe on this site" certification. Bummer. :/ Thanks again for taking a stab at this!
#4
You can disregard part 2 of my answer. People don't need to enter an encryption key to *enter* the data, you would just have the MySQL INSERT encrypt data after the form is submitted. The only drawback is users would not be able to edit their existing data without an encryption key, but you can always just have them enter a new record.
Your viewing and exporting the data is the only thing that would need an encryption key.
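
One way to get the behaviour described in post #4, where inserting needs no decryption key, is public-key encryption. The following is an added PHP example (not code from any poster in this thread) using libsodium sealed boxes; the function names `seal_email`/`open_email`, the `subscribers` table and the key handling are assumptions for illustration.

```php
<?php
// Added example: sealed-box (public-key) encryption of subscriber e-mails.
// Requires PHP 7.2+ with the bundled sodium extension.

// Done once, on a machine the host cannot reach. Only $publicKey is uploaded.
// (Generated inline here so the script runs stand-alone.)
$keypair   = sodium_crypto_box_keypair();
$publicKey = sodium_crypto_box_publickey($keypair);

/** Runs on the web server: encrypts with the public key only. */
function seal_email(string $email, string $publicKey): string
{
    return sodium_crypto_box_seal($email, $publicKey);
}

/** Runs offline, where the full key pair lives. */
function open_email(string $sealed, string $keypair): string
{
    $plain = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext corrupted or wrong key pair');
    }
    return $plain;
}

// Constructed sample input.
$email  = 'subscriber@example.com';
$sealed = seal_email($email, $publicKey);

// Binary value for a VARBINARY/BLOB column (hypothetical table "subscribers"):
//   $pdo->prepare('INSERT INTO subscribers (email_sealed) VALUES (?)')
//       ->execute([$sealed]);
echo 'stored bytes: ', bin2hex(substr($sealed, 0, 16)), "...\n";

// Sealing is randomized: the same address yields a different ciphertext each
// time, so duplicate detection cannot simply compare stored values.
var_dump(seal_email($email, $publicKey) === $sealed);

// Someone holding only the table (and a different key pair) cannot open it.
var_dump(sodium_crypto_box_seal_open($sealed, sodium_crypto_box_keypair()));

// Export step, performed offline with the real key pair.
echo open_email($sealed, $keypair), "\n";
```

This protects the stored rows only: the address is still in plaintext in the web server's memory at submit time, and any job that must read addresses on the server needs the secret key there too.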
#5
Unfortunately, I do little with this system by hand. Most of the work is done by cron jobs, the scripts for which will need access to the decryption key. So, for any determined person with access to my server, the keys would be there for him. Like I say, I don't think this can be done... but I figgered it was worth asking. And thanks again for your time, I do appreciate it!
Boogie
#6
Well, if you *really* want to encrypt your data with relative security, I suppose you can look up the TEA encryption algo. (really fast and small, couple of lines of code) and just write a small C program that implements it, then hard code the key in the encrypt. and decrypt. program. Of course root would be able to just use a hex editor to look up the passphrase, but it's a bit of an overkill I think.
| Viewing: Dev Shed Forums > Databases > MySQL Help > Keeping my host out of my database |