encryption options

I want to store some sensitive information in a MySQL database from data
keyed in (inside a secure enough location, so https not required) and
encrypt it in some way so that even if the database is compromised (off
site backups, or direct hacking) assuming they haven't got access to the
PHP code, or maybe some Linux level program that does the
encrypt/decrypt, the data is relatively secure.


What is available that could do this?

Is it possible for php to include a php file well outside the scope of
the apache web server..i.e. does



Obviously I can shell execute a C coded file if I want..

Re: encryption options


yes (provided the webserver does not run chroot / or your ini settings
disallow it) - or you can even include a file using the wrappers - via
http or ftp - but obviously being careful to avoid this file being

The problem then becomes that you have a critical file which is not
being included in your backup. But regardless of what you do
(symmetric / asymmetric encryption) you can't really get away from
that if you want the data to be recoverable.

One solution might be to keep the database in an encrypted filesystem
- that way you only need to worry about one password when you start up
the DBMS.
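
The approach discussed in this thread (encrypt each value before it reaches MySQL, with the key held in a file outside the web root), as an added example that is not part of any post. It assumes PHP 7.2+ with the sodium extension; the function names and the key-file format (64 hex characters) are illustrative choices, not anything the posters specified.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.2+ (sodium extension).
// The key file is assumed to hold 64 hex characters and to live outside the
// Apache document root, readable only by the web server user.

function load_key(string $path): string
{
    $hex = trim((string) @file_get_contents($path));
    if (strlen($hex) !== 2 * SODIUM_CRYPTO_SECRETBOX_KEYBYTES || !ctype_xdigit($hex)) {
        throw new RuntimeException('Key file missing or malformed');
    }
    return hex2bin($hex);
}

function encrypt_field(string $plaintext, string $key): string
{
    // Fresh random nonce per value, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $box);   // safe for a TEXT/VARCHAR column
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Stored value is not valid ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        // Authentication failed: wrong key, or the row was modified.
        throw new RuntimeException('Decryption failed');
    }
    return $plain;
}

// Demo with a constructed key file and a constructed value. A real key file
// would sit at a fixed path outside the web root instead of a temp file.
$keyFile = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($keyFile, bin2hex(sodium_crypto_secretbox_keygen()));
$key    = load_key($keyFile);
$stored = encrypt_field('constructed sensitive value', $key);
echo "stored:    $stored\n";
echo "decrypted: ", decrypt_field($stored, $key), "\n";
unlink($keyFile);
```

A database dump or off-site backup then contains only the base64 ciphertext; the key file has to be backed up separately, which is the trade-off the reply above describes.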



Re: encryption options


You might want to consider storing private files as encrypted zip
files. I got CuteZip as a free extra with my CuteFTP Pro program. It
offers 3 types of encrypted zipped files. All require any user of them
to enter a password to open, and you can use only one or many
passwords for a set of files. You can use either a self extracting zip or
self extracting cab file which has an extension of .exe. When a user
tries to open it, they get a screen to enter the password which must
be completed correctly before the file will open itself. Using an
extension .exe could scare away users that you do not know well, but
on the other hand it could discourage unknown users from playing
around with your files. You also can use an encrypted zip file that
has an extension .zip. This requires a bit more effort to open, but
although a hack from a .zip file is possible, a .zip file does not
scare away as many people as a .exe file.

Re: encryption options

On Tue, 06 Jan 2009 12:05:35 +0000,


GnuPG has a PHP shell.  If the only thing anyone can get at is
the encrypted material --i.e., they can't, per your conditions
description, winkle out your key-- then probably either GPG is
good enough or nothing is.

Re: encryption options

A.Reader wrote:

That sounds the bunny.

Obviously ultimately if someone gets into the whole machine all bets are

but I could use any encryption algorithm in a fairly obscure C
program..well away from the normal run of stuff..
