[UPHPU] store sensitive data in mysql + php web application

CarSign utahphp at forsalesticker.com
Tue Jun 30 11:48:40 MDT 2009


I am thinking about encryption.  
I will need to decrypt it for use in the web application (show it in clear text in some cases)

So I could use something like AES_ENCRYPT and AES_DECRYPT but then I need to decide how to get the key and if a user can read the stored procedure or the PHP they will know how to find the key and so will also know how to unencrypt the info. 

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html







--- On Tue, 6/30/09, Kyle Waters <unum at unum5.org> wrote:

> From: Kyle Waters <unum at unum5.org>
> Subject: Re: [UPHPU] store sensitive data in mysql + php web application
> To: uphpu at uphpu.org
> Date: Tuesday, June 30, 2009, 11:33 AM
> On 06/30/2009 11:28 AM, thebigdog
> wrote:
> >
> > +1 you don't want the liability of this at all. I
> would be very hesitant to even
> > think about saving this type of data. The question is
> do you really need this
> > data for your application?
> >
> >
> >    
> 
> 
> I think I know what he's doing so I'll say, yes, he needs
> this 
> information.  I've written a similar application, but
> we transfer the 
> data offline asap.
> 
> Kyle
> 
> _______________________________________________
> 
> UPHPU mailing list
> UPHPU at uphpu.org
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
> 


      



More information about the UPHPU mailing list