Storing messages in a database, privacy issues

I am developing a web based application where users can send informat开发者_如何学编程ion trough messages. What is the "normal way" to store messages like this in a database? I know the easiest way would be to just store them in a normal text form, but that would open up some privacy issues i think.

What is the way to go if you want to store messages that should not be searchable?

Encrypt the messages with single key encryption like AES. Store the encrypted values.

The fact that the messages are on your private server is a form of security in it's own right. No one can directly access the database. Really the only person your preventing from viewing the messages is.... yourself. But you have the key so you could easily decrypt the messages.....

Unless your application deals with particularly sensitive information like financials or health-related data, just store the data in plain text but carefully control access to these messages from your application. Also, make sure to properly secure your database:

• don't use a default password
• create a separate database account specifically for your application with only the required permissions
• use an encrypted connection between your app server and database

Assuming the issue is that a user should only see messages sent to them, what you are looking for is called Row Level Security. Each message has a userId recipient, a userId sender, the text, and perhaps some other fields.

When Row Level Security is fully implemented, a user would only be able to see messages where they are the recipient. (though you may have another option for a user to see messages they have sent)

This can be done in the database in theory, but it requires a database account for each user, which nobody does, so you have to scratch off that option.

That leaves the application. You must ensure that reads from that table always append a filter that, no matter what the query, a filter is always appended that shows only messages sent to the currently logged in user, or, messages sent from the currently logged in user.