On 06/30/2009 11:00 AM, CarSign wrote:
> Hi -
> I am needing to store sensitive data like a Social Security Number in our
> database that will be used by our web application.
> Should the data be encrypted by PHP before it is passed to mysql OR should it
> be encrypted by mysql OR should I encrypt in both places so that it is double
> encrypted?

I don't think those encryption methods do what you think they do.

There's hashing and there's encryption.

The functions you are thinking of using are probably just hash
functions. The problem with a hash function is you can't get it back.

What's the purpose, you ask? Usually passwords. If I store a password I
hash it. Then when I need to verify someone is giving me a correct
password I hash it and compare it to the stored hash. If they are the
same they gave me the correct password.

There are different types of encryption but they all share one thing in
common. They need a key in order to decrypt. So your data is only safe
if your key is safe. So if your decryption key is in the database and
someone has hacked into your database.....

Storing social security numbers correctly is really hard.

Kyle
_______________________________________________
UPHPU mailing list
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
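
The hashing/encryption distinction drawn in the reply above, as an added example that is not part of the original thread and not Kyle's code. It assumes PHP 7.2+ with the bundled sodium extension; the function names and the environment variable APP_SSN_KEY are hypothetical, chosen to show a key held outside the database.

```php
<?php
// One-way: a password is hashed and can never be read back. To verify, the
// candidate is hashed with the stored salt and the two hashes are compared.
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}
function check_password(string $candidate, string $storedHash): bool {
    return password_verify($candidate, $storedHash);
}

// Two-way: an SSN has to be read back, so it is encrypted under a key.
// Assumption: the key is held outside the database, here in an environment
// variable with the hypothetical name APP_SSN_KEY (base64 of 32 random bytes).
function load_key(): string {
    $key = base64_decode((string) getenv('APP_SSN_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('APP_SSN_KEY missing or wrong length');
    }
    return $key;
}
function encrypt_ssn(string $ssn, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($ssn, $nonce, $key));
}
function decrypt_ssn(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is not a valid ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $plain;
}
// Demo with constructed values (the SSN below is a placeholder, not a real one).
putenv('APP_SSN_KEY=' . base64_encode(sodium_crypto_secretbox_keygen()));
$hash = store_password('correct horse');
var_dump(check_password('correct horse', $hash), check_password('guess', $hash));
$row = encrypt_ssn('000-00-0000', load_key());   // what the database would hold
var_dump(decrypt_ssn($row, load_key()) === '000-00-0000');
try {   // the ciphertext without the right key, e.g. a stolen database dump
    decrypt_ssn($row, sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The last call fails because the column value alone is useless without the key, which is why the key must not sit in the same database as the ciphertext.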