jordanwb Posted December 18, 2008 Share Posted December 18, 2008 In a form that I made that is using HTTPS, one of the fields is for the Applicant and Co-Applicant's SIN numbers. Now I don't know how I'd go about encrypting them securely so that they cannot be obtained in a hacking. Any ideas as to storing SIN numbers safely? I'll probably find something in two minutes. I always do. :-\ Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/ Share on other sites More sharing options...
rhodesa Posted December 18, 2008 Share Posted December 18, 2008 depends on how you need to access them? you can always encrypt them with a one-way encryption using crypt(). But, you won't be able to read the SIN back. If someone provides the SIN again, you can find the matching record though. Just google for PHP user login tutorials and how to store passwords in a database....same concept Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719002 Share on other sites More sharing options...
jordanwb Posted December 18, 2008 Author Share Posted December 18, 2008 That's the thing though, one way encryption won't work. Someone posted a link of an encryption algorhythm that uses a key. But if someone hacks into the server the hacker could get the key and the algorhytym. Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719008 Share on other sites More sharing options...
rhodesa Posted December 18, 2008 Share Posted December 18, 2008 exactly, anything that isn't one-way is really just obfuscating it Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719026 Share on other sites More sharing options...
jordanwb Posted December 18, 2008 Author Share Posted December 18, 2008 That's true. So it doesn't really seem worth it to encrypt the SIN numbers. Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719055 Share on other sites More sharing options...
rhodesa Posted December 18, 2008 Share Posted December 18, 2008 That's true. So it doesn't really seem worth it to encrypt the SIN numbers. um...that is up to you. obfuscation while not bullet-proof in any way shape or form, it is still a layer of protection. but, by obfuscating, it's adds an extra layer of complexity to your code... Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719075 Share on other sites More sharing options...
jordanwb Posted December 18, 2008 Author Share Posted December 18, 2008 um...that is up to you. obfuscation while not bullet-proof in any way shape or form, it is still a layer of protection. but, by obfuscating, it's adds an extra layer of complexity to your code... Couldn't hurt. I'll add some obfuscation. Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719161 Share on other sites More sharing options...
fenway Posted December 19, 2008 Share Posted December 19, 2008 Look a the PCI compliance stuff for credit card numbers and CVVs. Same idea. Link to comment https://forums.phpfreaks.com/topic/137566-storing-a-sin-number-in-mysql/#findComment-719648 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.