IndynewToPhp Posted March 22, 2009 Share Posted March 22, 2009 I'd like to add a bit of security to my stored email addresses. I am thinking of using mcrypt to do this. Is this a good idea?....or... Are there negative consequences of this I am not thinking of? Goal is to prevent at least "trouble free" phishing of my email list if the database is compromised. Thanks Quote Link to comment Share on other sites More sharing options...
WolfRage Posted March 22, 2009 Share Posted March 22, 2009 I think it is a very good idea, except that you have to protect the key or else it will have been a fruitless effort. Also you have to weigh the benfit with the cost of trying to access a email address for use. It will now take at least twice as long becuase each email must be decrypted before it can be utilized. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted March 22, 2009 Share Posted March 22, 2009 I don't think it's worth it, TBH. It's not like an email address is particularly sensitive information. Just get a good spam filter. I get some 1500 per month, but they're all caught. Quote Link to comment Share on other sites More sharing options...
WolfRage Posted March 22, 2009 Share Posted March 22, 2009 I agree with that as well as far as individual responsibility, and between g-mail and thunderbird; I have no spam issues, but if he wishes to protect the emails any way, just to show he is protecting individual privacy, it is a feasible route. Quote Link to comment Share on other sites More sharing options...
IndynewToPhp Posted March 22, 2009 Author Share Posted March 22, 2009 Daniel0, I guess one part of me agrees with you...but the other part has this concern: If my database is compromised, it is much easier to send a phishing email regarding my website because that is where the email was found. In other words, someone could send an email (albeit fake) to the people in my database saying "Hey we want to update our info, send your SS#, first borns name, banking account info..." blah blah blah and have it look like it came from my website. The person receiving the email knows they've signed up on my website...thereby making it all the more believable. Yeah, it seems as though the receiver of such an email should know better but it may be better to prevent it from happening (or at least attempt to make it not so easy)...in the first place. I more than welcome dissenting thoughts on this! Quote Link to comment Share on other sites More sharing options...
IndynewToPhp Posted March 25, 2009 Author Share Posted March 25, 2009 Does anyone have additional advise on this or comments...if not...I guess I will implement it. I also wonder if storing a persons maiden name is a good idea or not? Is there any security issue/identify theft issue there as well? Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted March 28, 2009 Share Posted March 28, 2009 Have you considered normalizing your storage of emails? I split the email address into its local and domain parts... you can store the the domain part as normal but can then encrypt the local part. e.g joe@bloggs.com... in my user table i store 'joe' in `email_local` and 1 in `domain`. then just have an association table to mach 1 to 'bloggs.com' - advantage of this is most people will have hotmail gmail etc so you cut down the amount of data stored significantly. You still have the encryption to do - I'd leave that to mysql - use the aes_encrypt and aes_decrypt functions in your query - this should' be more efficient than decrypting the results in php. so what you will end up with in should someone gain access to your database is a table full of domain names that they can read and a field in your user table with the local part of the email encrypted. you will always have to pay for encryption/decryption but reducing the amount of data you are encrytping should always help. Other may have better options but what I've suggested above is what I do - I'd love to improve so hopefully someone will have a better plan!! Quote Link to comment Share on other sites More sharing options...
WolfRage Posted March 28, 2009 Share Posted March 28, 2009 Brilliant, at first I was like, nah that wouldn't do that much good, but holly crap; it is a signifigent reduction in size. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted March 28, 2009 Share Posted March 28, 2009 Size is not your only concern in software engineering. Factors such as development time, code complexity, and performance are important as well. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted March 28, 2009 Share Posted March 28, 2009 Daniel is correct in that In this case there is no extra hit on your code IF you let the database manage the encryption - I very much doubt you will see a significant performance hit on this. only point i would make here is that you sould use a class tomanage this and encrypt that file too (with zendguard or ion cube) so that your encryption salt is not available if they get ftp access too! Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted March 28, 2009 Share Posted March 28, 2009 Daniel is correct in that In this case there is no extra hit on your code IF you let the database manage the encryption - I very much doubt you will see a significant performance hit on this. No, not in your script, but the database server will most certainly take a performance hit. If you for instance encrypt the email address then you will need to store it in a BLOB, but this means you cannot make any indexes, so if you have like one million rows and need to find the user with a particular address then you'll need to check every row, which will most certainly be slower than selecting from an indexed row. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted March 29, 2009 Share Posted March 29, 2009 of course there will be a hit - but thats the trade off - if you need encryption then you need encryption. with the hardwae today that hit is not 'that bad'. Quote Link to comment Share on other sites More sharing options...
corbin Posted March 29, 2009 Share Posted March 29, 2009 ToonMariner, you way overestimate servers. Also, just because something "can do it the slow way," doesn't mean that it should be done the slow way. Lets say you have a popular site with email searching capabilities. Now, lets say that there are 0-10 concurrent email address searching queries. That will kill MySQL. (Well, not literally kill, but MySQL wouldn't like it much.) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.