开发者

How can I encrypt/decrypt data in the database automatically [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and 开发者_如何学运维 cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

Is there anyway in PHP to automatically encrypt and decrypt data to/from the database?

Right now, I'm using SSL and other security mesures to protect my application but data stored in the database is still in plain text. Is there anyway to automatically store it in encrypted form so that data isn't plain text anymore?


Encrypting for the sake of encrypting is useless. Databases are filled with non-sensitive information that doesn't need to be encrypted. Just make sure that your DB server is properly secured by a strong password and relevant firewall rules (to prevent outside access).

Encrypting everything would remove the ability to properly query the database as you would always have to query based on the encrypted form. So you can forget things like ORDER BY (which would be meaningless) and easy WHERE clauses.

That said, you still need to properly hash (bcrypt) your passwords AND secret answers (this is largely forgotten, unfortunately) and secure any sensitive data such as SSNs. That can be done manually in your Model class.

The reason why these informations are encrypted/hashed versus normal information is that in case of an SQL injection attacks, proper hashing makes it close to impossible for attackers to gain further access to the system (versus plain text passwords which can be then used to gain access to the service).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜