Securing database data

**Force Flow** · Mar 25, 2013 12:05

I was going to start working on a new project that includes storing some basic customer information, but would like to put some measures in place to increase security a little bit.

Would an appropriate approach be to use the MySQL functions AES_ENCRYPT() and AES_DECRYPT() for encrypting field data?

http://thinkdiff.net/mysql/encrypt-m...es-techniques/
http://i.amniels.com/mysql-database-...c-private-keys

I realize there will be a performance hit when encrypting/decrypting, but if it causes a delay of couple seconds seconds, I would consider it reasonable.

If this is the appropriate approach, how would I then go about performing searches on those encrypted fields?

**K. Wolfe** · Mar 25, 2013 13:20

Originally Posted by Force Flow

I was going to start working on a new project that includes storing some basic customer information, but would like to put some measures in place to increase security a little bit.

Would an appropriate approach be to use the MySQL functions AES_ENCRYPT() and AES_DECRYPT() for encrypting field data?

http://thinkdiff.net/mysql/encrypt-m...es-techniques/
http://i.amniels.com/mysql-database-...c-private-keys

I realize there will be a performance hit when encrypting/decrypting, but if it causes a delay of couple seconds seconds, I would consider it reasonable.

If this is the appropriate approach, how would I then go about performing searches on those encrypted fields?

May I ask what type of data we are discussing? Keep in mind that if I were clever enough to retrieve your data, I'm going to be clever enough to think to give AES_DECRYPT a try on it along with some others when it looks obscured, run salt with it, probably in this case both a static AND dynamic salt (stored on each record of the table)

**Force Flow** · Mar 25, 2013 14:40

Originally Posted by K. Wolfe

May I ask what type of data we are discussing?

Names and contact information.

Keep in mind that if I were clever enough to retrieve your data, I'm going to be clever enough to think to give AES_DECRYPT a try on it along with some others when it looks obscured, run salt with it, probably in this case both a static AND dynamic salt (stored on each record of the table)

True, but I wouldn't think it would be a completely fruitless exercise. It still would be another layer of security that would have to be broken.

Just because thieves can break into locked cars doesn't mean you should leave it unlocked.

**K. Wolfe** · Mar 25, 2013 15:45

Originally Posted by Force Flow

Names and contact information.

True, but I wouldn't think it would be a completely fruitless exercise. It still would be another layer of security that would have to be broken.

Just because thieves can break into locked cars doesn't mean you should leave it unlocked.

Very true...

For this exercise, it's a little backward from password strengthening. You'll want your salting on the scripting side, stored on the filesystem, but I'd run a second salt on the db.

Keep in mind that any query you run against this will have to be run through the function you create to obscure it, and will throw any indexing you have out the window. I'd try to focus more on a security system / mechanisms to keep them out of your car rather than securing your glove box that you commonly need access to.

**Force Flow** · Mar 25, 2013 22:35

Originally Posted by K. Wolfe

Very true...

For this exercise, it's a little backward from password strengthening. You'll want your salting on the scripting side, stored on the filesystem, but I'd run a second salt on the db.

Keep in mind that any query you run against this will have to be run through the function you create to obscure it, and will throw any indexing you have out the window. I'd try to focus more on a security system / mechanisms to keep them out of your car rather than securing your glove box that you commonly need access to.

Good analogy

I take all the usual precautions with securing an application and database. I'm just wary of leaving all that data as viewable plain text in the database just in case someone happens to slip past the front gates.

**wwb_99** · Mar 26, 2013 13:14

The big question here is key security -- if someone can slip past the front-end and get into the raw db they can probably get at your key as well if it is handy enough to be decrypting data on the fly.

**Force Flow** · Mar 26, 2013 18:13

Besides denying access with htaccess and placing it outside of the web directory, what else can you do with the key?

**wwb_99** · Mar 29, 2013 12:49

Good question -- that is a bit beyond my linux chops. I'd look for a secure storage mechanisim like keychain, I suspect something exists. If the key is a file on disk then it is easily compromisable if the box is compromised.

User Tag List

Thread: Securing database data

Thread Tools

Display

Securing database data

Bookmarks

Bookmarks

Posting Permissions