Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
206 views
in Technique[技术] by (71.8m points)

php - Security of data in database

I am making a web application and i want it to be secure, so i ll be using SSL and, will hash passwords. But my server is managed by a different company and it's a shared hosting server, they have direct access to database. I want to prevent any possible loss of sensitive information so i am thinking about encrypting all the data in the database.

Is this a good way to keep data secure? are there any other ways to protect data in database?

I am using PHP, MYSQL, Apache, and Linux

please provide details. also if am thinking in the wrong direction pls tell that too.

Thanks in advance

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

This is not a big privacy issue

The internet is composed of some few websites / web applications using self hosted solutions with fully personal servers (owned and operated in their own NOC).

Everyone else is using some form or another of shared, virtualized, semi-private, semi-dedicated, collocated hosting. In every case the hosting company has full access to everything, they have physical access to the servers -- no amount of protection can help you there.

Shared hosting might be the easiest to access from the hosting company's perspective. But that's not relevant, their policies should prevent them from operating in bad faith because if they wouldn't it wouldn't really matter if it was the easiest or the hardest to access it would only matter how interesting the data you have is to them (or some random employee of theirs).

Finding a solution to the above non-issue

Some approaches might use:

  • Mounting an encrypted filesystem as a folder and setting up MySQL to use that folder to store its data;
  • MySQL encryption functions to encrypt the data in a particular cell or column;
  • a library on top of SQLite that had an encryption feature which would encrypt the entire database file;

On the other hand if your PHP files would be on the same server and the database decryption password would be stored inside your PHP files, any "intruder" could find it and use it if they wanted it.

You'd have to store the password on a different server or obtain it from the user in order to not have it present inside the local PHP files. This would obviously still be available at runtime; if the "intruder" is a programmer he will be able to retrieve it fairly easily.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...