Jump to content

Time waste? Encrypt mySQL with openssl?


ChenXiu

Recommended Posts

I have an ecommerce site on shared hosting enviroment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database.

(No super private data like credit card numbers or social security numbers.)

Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL.

Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above...

My thoughts:
1. The "secret cyphers" are located on my server, so if someone hacks my server, they'll get the secret cyphers anyway.
2. Encrypting the Customer Data will add, at the most, 5 extra minutes, for the hacker to find.
3. Perhaps if mySQL was stored on a different server, encrypting may be useful... but mySQL is on same server.
4. On the flipside, if I did get hacked, at least I could demonstrate I tried my best to encrypt what I could...

What do you all think?

Sorry for my bad english. I am not from around these parts.

 

Link to comment
Share on other sites

Most "hacks" are people gaining access to a database by way of SQL injection. Encryption would help because they can't get the encryption key - just the data.
Of course the problem with encryption is that if you lose your key then you lose everything. Irrevocably. Plus the obvious drawbacks of having to encrypt and decrypt stuff all the time.

Shared hosting is itself a risk, too. Can you move off it? Besides the dedicated environment being more secure, you can also mitigate SQL injection attacks by moving the database off to another server - one not exposed to the internet - and on this same server you also put a simple webservice that gets and stores customer data. Essentially, you make API calls to yourself when you need that data.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.