I have been given the task of creating a database that will contain data that needs to be secure. Other than just encryption, what other things could I implement or do to protect that data?
If the data in the database will be updated by users via web forms, a must-do is validate all user inputs and sanitise user inputs with mysql_real_escape_string() (if using php) or prepared statements before passing them to any sql queries.
Validation is definitely a must on my list, as is limiting permissions. I was curious as to more of features or things I can implement to keep people out of the database that don’t belong.
Here’s some of my thoughts:
Make sure the server is physically secure.
Spend plenty of time working on restricting access to the database to only allowed programs or hosts.
Spend more time working on the granular authentication scheme you’ll use to restrict user access to the data.
Consider who has access to any database backups.
How is data that’s presented to users secured after it’s viewed? Think about what and where any data gets cached.
I’m sure there’s lots more.