[UPHPU] store sensitive data in mysql + php web application
utahphp at forsalesticker.com
Tue Jun 30 11:48:40 MDT 2009
I am thinking about encryption.
I will need to decrypt it for use in the web application (show it in clear text in some cases)
So I could use something like AES_ENCRYPT and AES_DECRYPT but then I need to decide how to get the key and if a user can read the stored procedure or the PHP they will know how to find the key and so will also know how to unencrypt the info.
--- On Tue, 6/30/09, Kyle Waters <unum at unum5.org> wrote:
> From: Kyle Waters <unum at unum5.org>
> Subject: Re: [UPHPU] store sensitive data in mysql + php web application
> To: uphpu at uphpu.org
> Date: Tuesday, June 30, 2009, 11:33 AM
> On 06/30/2009 11:28 AM, thebigdog
> > +1 you don't want the liability of this at all. I
> would be very hesitant to even
> > think about saving this type of data. The question is
> do you really need this
> > data for your application?
> I think I know what he's doing so I'll say, yes, he needs
> information. I've written a similar application, but
> we transfer the
> data offline asap.
> UPHPU mailing list
> UPHPU at uphpu.org
> IRC: #uphpu on irc.freenode.net
More information about the UPHPU