Re: Database encryption & security
Thanks for the suggestions everyone. I'll look into it. Might be more hassle than it's worth; on thinking about it, I don't think it really matters if the main user has access to the DB info - he will also have access to the code, so I guess if he wanted to, he could code something up to get the details out!

On Dec 21, 8:39 pm, Victor wrote:
> You can take a look at what CritoTECH.com is offering with ezNcrypt. It's Transparent Data Encryption and Key Management for MySQL. This means it requires no changes to your application or database to encrypt your data and it will allow you to encrypt specific tables instead of having to encrypt the entire file system.
>
> Kind regards,
>
> Victor
>
> On Dec 18, 4:43 am, WhyNotSmile wrote:
>
> > Hi,
> >
> > I was wondering whether anyone could help me out with some database encryption. The app stores a bit of personal info in the MySQL database - name, address, phone number, email address & password. I think I should probably encrypt this in the database so that even the owner of the database can't see the information there.
> >
> > I don't think security will be a huge issue, but all the same I think it would be good to put something in place.
> >
> > Anyway, I have looked online and can't really find anything to help me - it's all a bit too advanced for my needs! I thought there would be a simple way of doing this, but I can't find one.
> >
> > Basically, what I want is when Cake saves the data, it encrypts it first, and then decrypts it when it loads it back in. I was sure I'd read this in the manual, but can't find it now! There is stuff in there about salt values, but I don't understand how that works (and anyway, I set the salt value, and it clearly doesn't cause my data to encrypt!).
> >
> > It doesn't have to encrypt absolutely everything (some of it is just random info), but if it is easier to just do the lot, then that's grand. Also, the data is in UTF-8, if that makes any difference.
> >
> > So if someone could point me in the right direction, I'd be very grateful.
> >
> > Thank you.

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Database encryption & security
You can take a look at what CritoTECH.com is offering with ezNcrypt. It's Transparent Data Encryption and Key Management for MySQL. This means it requires no changes to your application or database to encrypt your data and it will allow you to encrypt specific tables instead of having to encrypt the entire file system.

Kind regards,

Victor

On Dec 18, 4:43 am, WhyNotSmile wrote:
> Hi,
>
> I was wondering whether anyone could help me out with some database encryption. The app stores a bit of personal info in the MySQL database - name, address, phone number, email address & password. I think I should probably encrypt this in the database so that even the owner of the database can't see the information there.
>
> I don't think security will be a huge issue, but all the same I think it would be good to put something in place.
>
> Anyway, I have looked online and can't really find anything to help me - it's all a bit too advanced for my needs! I thought there would be a simple way of doing this, but I can't find one.
>
> Basically, what I want is when Cake saves the data, it encrypts it first, and then decrypts it when it loads it back in. I was sure I'd read this in the manual, but can't find it now! There is stuff in there about salt values, but I don't understand how that works (and anyway, I set the salt value, and it clearly doesn't cause my data to encrypt!).
>
> It doesn't have to encrypt absolutely everything (some of it is just random info), but if it is easier to just do the lot, then that's grand. Also, the data is in UTF-8, if that makes any difference.
>
> So if someone could point me in the right direction, I'd be very grateful.
>
> Thank you.
Re: Database encryption & security
This was posted by another member but accidentally sent directly to me instead of the group; I am re-posting this for him to also possibly help others with his addition to the conversation:

You can take a look at what CritoTECH.com is doing with ezNcrypt. This is Transparent Data Encryption and Key Management for MySQL. This means it requires no changes to your application or database to encrypt your data and it allows you to select the specific tables you want to encrypt as opposed to encrypting the entire file system.

Here is a link: http://www.critotech.com/MySQLencryptionandkeymanagement.htm
Re: Database encryption & security
The Cryptable Behavior is incomplete. I started working on an MCrypt Behavior (same approach, different code and strategy for execution) that has more features than this Behavior awhile back; unfortunately I ran into a stumbling block.

Although it is able to automatically encrypt/decrypt data on the fly so it's seamless to the developer (developer does not need to worry about manually decrypting the data in the controller, or encrypting to match on find calls), it only is capable of on-the-fly decrypting for the *current* model. I was unable to determine how to extend it to related models of a find() query/call.

Another issue with this is that it's expensive. If you decide you want to do a recursive model call, assuming I was able to automatically decrypt all fields of related tables, I believe each separate model would have to be instantiated at least once to get the proper configuration for that particular model's encryption settings (as they can all be set independently, just like the Cryptable Behavior). So even if I was able to figure out a way to automatically decrypt related fields (it is possible), it would be a costly call as you not only have to run the mcrypt function call on each find call, you'd have to instantiate any related models within the find(), AND run the mcrypt on them as well. All of that can add up pretty fast if you go crazy on which models you want to encrypt.

That being said, my behavior is incomplete; it only works on a single model, and if you request that model's encrypted field(s) from another model, it will show up encrypted, not decrypted (i.e.: User.username is encrypted --> you wanted to get the username associated with a Post.author_id field, it would possibly return "re97gur!#$%Wds" instead of "Bob").

So, yes it's possible. However, you're bound to have a huge task ahead of you, not only in terms of coding time, but in optimizing your queries and caching. I eventually will have to complete my behavior, and I will release it on the Bakery, but I have ZERO timeframe for completion. It is not a priority of mine at the moment.

On Dec 19, 5:03 am, Marco wrote:
> I think you can take a look at this behaviour:
>
> http://bakery.cakephp.org/articles/view/cryptable-behavior
>
> I didn't try it but I use something similar. You need the mcrypt library installed on your server.
>
> On Dec 18, 3:52 pm, WhyNotSmile wrote:
>
> > I am doing this for a client. He has access to the database through his control panel of his web host. I want it to be encrypted so he can't read the data. It's not that I don't want him to see it, but that there is data which clients might not want him to see. I also have access to the database, and they might not want me to see it either. So, basically, when you go to PHPadmin, it should be encrypted. Does that make sense?
> >
> > Also, if anyone was to hack into the database somehow, I don't want them to be able to read the data.
> >
> > Thanks,
> > Sharon
> >
> > On Dec 18, 2:04 pm, robustsolution wrote:
> >
> > > of course you are talking about two-way encryption not hashing (one way).
> > >
> > > by the way what do you mean by the database owner?
> > >
> > > either the guy has a full access to the database or a custom access.
> > >
> > > if you are the one who has full access, give him a mysql account with custom access to all tables except the tables that have sensitive info.
> > >
> > > otherwise an alternative solution should be required here.
Re: Database encryption & security
I think you can take a look at this behaviour:

http://bakery.cakephp.org/articles/view/cryptable-behavior

I didn't try it but I use something similar. You need the mcrypt library installed on your server.

On Dec 18, 3:52 pm, WhyNotSmile wrote:
> I am doing this for a client. He has access to the database through his control panel of his web host. I want it to be encrypted so he can't read the data. It's not that I don't want him to see it, but that there is data which clients might not want him to see. I also have access to the database, and they might not want me to see it either. So, basically, when you go to PHPadmin, it should be encrypted. Does that make sense?
>
> Also, if anyone was to hack into the database somehow, I don't want them to be able to read the data.
>
> Thanks,
> Sharon
>
> On Dec 18, 2:04 pm, robustsolution wrote:
>
> > of course you are talking about two-way encryption not hashing (one way).
> >
> > by the way what do you mean by the database owner?
> >
> > either the guy has a full access to the database or a custom access.
> >
> > if you are the one who has full access, give him a mysql account with custom access to all tables except the tables that have sensitive info.
> >
> > otherwise an alternative solution should be required here.
Re: Database encryption & security
I am doing this for a client. He has access to the database through his control panel of his web host. I want it to be encrypted so he can't read the data. It's not that I don't want him to see it, but that there is data which clients might not want him to see. I also have access to the database, and they might not want me to see it either. So, basically, when you go to PHPadmin, it should be encrypted. Does that make sense?

Also, if anyone was to hack into the database somehow, I don't want them to be able to read the data.

Thanks,
Sharon

On Dec 18, 2:04 pm, robustsolution wrote:
> of course you are talking about two-way encryption not hashing (one way).
>
> by the way what do you mean by the database owner?
>
> either the guy has a full access to the database or a custom access.
>
> if you are the one who has full access, give him a mysql account with custom access to all tables except the tables that have sensitive info.
>
> otherwise an alternative solution should be required here.
Re: Database encryption & security
of course you are talking about two-way encryption not hashing (one way).

by the way what do you mean by the database owner?

either the guy has a full access to the database or a custom access.

if you are the one who has full access, give him a mysql account with custom access to all tables except the tables that have sensitive info.

otherwise an alternative solution should be required here.
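
An added example, not code from any poster in this thread or from the Cryptable Behavior: a standalone PHP sketch of the encrypt-on-save / decrypt-on-load step discussed in the replies above, together with the two-way encryption versus one-way hashing distinction drawn in the message just above. `FieldCrypter`, its method names and the sample row are hypothetical; it uses PHP's OpenSSL extension with AES-256-GCM rather than mcrypt, and it assumes the key is kept somewhere the database owner cannot read.

```php
<?php
// Added example (PHP 8+, ext-openssl); FieldCrypter and the sample row are hypothetical.
final class FieldCrypter
{
    private const CIPHER = 'aes-256-gcm';
    public function __construct(private string $key, private array $fields)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
    }

    // Run before the row is written (the job a behavior does at save time).
    public function encryptRow(array $row): array
    {
        foreach ($this->fields as $f) {
            if (!isset($row[$f])) continue;
            $iv = random_bytes(12); // fresh nonce for every value
            $ct = openssl_encrypt($row[$f], self::CIPHER, $this->key, OPENSSL_RAW_DATA, $iv, $tag);
            $row[$f] = base64_encode($iv . $tag . $ct); // ASCII, safe in a UTF-8 column
        }
        return $row;
    }

    // Run after the row is read (the job a behavior does at find time).
    public function decryptRow(array $row): array
    {
        foreach ($this->fields as $f) {
            if (!isset($row[$f])) continue;
            $raw = base64_decode($row[$f], true);
            if ($raw === false || strlen($raw) < 28) {
                throw new RuntimeException("$f is not valid ciphertext");
            }
            [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
            $pt = openssl_decrypt($ct, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $iv, $tag);
            if ($pt === false) {
                throw new RuntimeException("$f failed authentication");
            }
            $row[$f] = $pt;
        }
        return $row;
    }
}

$crypter = new FieldCrypter(random_bytes(32), ['name', 'email']); // constructed key for the demo
$row = ['name' => 'Zoë Ní Bhriain', 'email' => 'zoe@example.com',
        'password' => password_hash('constructed-pw', PASSWORD_DEFAULT)]; // one-way: hashed, never encrypted
$stored = $crypter->encryptRow($row); // what a database browser would show
var_dump($stored['name'] !== $row['name'], $crypter->decryptRow($stored) === $row, password_verify('constructed-pw', $stored['password']));
```

If the key sits in application code that the database owner can also read, the stored values are only hidden from someone who has the database alone, which is the limitation raised in the first reply on this page.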
Database encryption & security
Hi,

I was wondering whether anyone could help me out with some database encryption. The app stores a bit of personal info in the MySQL database - name, address, phone number, email address & password. I think I should probably encrypt this in the database so that even the owner of the database can't see the information there.

I don't think security will be a huge issue, but all the same I think it would be good to put something in place.

Anyway, I have looked online and can't really find anything to help me - it's all a bit too advanced for my needs! I thought there would be a simple way of doing this, but I can't find one.

Basically, what I want is when Cake saves the data, it encrypts it first, and then decrypts it when it loads it back in. I was sure I'd read this in the manual, but can't find it now! There is stuff in there about salt values, but I don't understand how that works (and anyway, I set the salt value, and it clearly doesn't cause my data to encrypt!).

It doesn't have to encrypt absolutely everything (some of it is just random info), but if it is easier to just do the lot, then that's grand. Also, the data is in UTF-8, if that makes any difference.

So if someone could point me in the right direction, I'd be very grateful.

Thank you.