I am writing an application that will store information in a MySQL database. I would like to encrypt the data being stored in the database using the AES_ENCRYPT/DECRYPT functions. My question is, how can I securely contain the password in memory within the application?
For example, the application allows the user to login using a username and password that will be stored in the database. I would like to use that password to encrypt the information. However, I would like the user to be able to decrypt the information on the fly as long as they are logged into the application. I am worried, however, about storing the password in memory. How can I do this securely? If my application crashes, the password could be stored within the core file. Can anyone provide advice on how to securely contain the password in memory so that the information can be decrypted and accessed transparently? Steve Nakhla __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
