
Security and storing SSN, address


phpknight


In a database I am working on, I may have to store the SSN and address/phone of registered users, but it will not have any cc info in it.  PHP is running in suexec.

 

The passwords are obviously going to be done using hashes.  However, for the SSN, would you recommend symmetric or asymmetric encryption, or none at all?  I was leaning toward symmetric, especially since I don't have a very secure place offsite to hold this data.  Moreover, I think this data is a bit sensitive to be put in a database with no encryption at all.  Any suggestions?  For the address/phone, etc., I was thinking that encryption is probably not necessary.

 

I would appreciate any advice from security experts here on what the best practice would be.


Have you searched the web for this information?

 

http://www.securityfocus.com/infocus/1667

http://blog.i64.pl/PiosBlog/200609/01-secure-mysql-database/

http://forums.mysql.com/read.php?30,99340,99340

 

What are the advantages of using asymmetric encryption?  Won't both keys still be available at the same level of security?  (Disclaimer:  I'm no security expert and have not made any "serious" efforts in this area.  I do read a bit about encryption and such, though.)

 

(IMHO)

 

Encrypted partitions are of limited usefulness as, while they are mounted, they will be accessible as if they were not encrypted.  This method would be mostly to guard against physical theft of a hard drive/computer or an attempt to access the information directly on disk.  Most(?) attempts at stealing data will be from across the network and through the same methods you are legitimately using to access data (PHP, mysql client, etc).

 

As far as I know, encoding the data itself within the database will mostly cover what you need/expect.  You should ensure the permissions of the files containing the password(s) are 400 and belong to the user under which PHP is running.  Of course, anyone on the system who runs PHP can read your file....

 

As far as data retrieval goes, you can still use indexes on encrypted data, but you'll need to convert/encode any data when comparing it to your encrypted column.  I.e., "SELECT * FROM users WHERE ssn='" . encryption_function($ssn) . "'";

 

SSL adds another layer of security, otherwise this sensitive data is being transferred in cleartext.


Okay, thanks.  I've read quite a bit on the topic, I just wanted to get a feel for what somebody else would do since this is the first time I will actually be implementing something like that.

 

About the file permissions, though.  What do you mean exactly?  The passwords will be stored in the database, right?


About the file permissions, though.  What do you mean exactly?  The passwords will be stored in the database, right?

 

Not user passwords, the password that you use to encrypt sensitive data (the SSN data, for example) via whatever algorithm.  This will have to be used in the PHP file, and PHP files must be readable to the user/process running Apache/PHP.  Often file permissions on web files are lax since they are mostly available to the world anyway, so you might have them at 644 or something, but that would mean any user on the system could "cat file.php" and see your password/encryption scheme.  Setting permissions to 600 or 400 limits access.  Of course, Apache/PHP will still have access to this file, and any user can write a PHP script to access it.... <?php highlight_file("file.php"); ?>

 

Okay, so I don't have a complete solution to this.  In fact, it's something that I'd like to solve myself as I've wanted many times to keep a file with, say, MySQL authentication in it safe from prying eyes but still accessible to PHP, and it always comes down to this.
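
An added example (not code from any poster in this thread) showing how the key-file permission check, the encrypted SSN column and the indexed lookup discussed above can fit together in PHP 7.2+ with the bundled sodium extension. It goes beyond the posts by keeping a separate keyed hash for the lookup, since randomized encryption cannot be compared with `=`; the key file layout, the column names `ssn_enc` / `ssn_idx` and the sample SSN are assumptions.

```php
<?php
declare(strict_types=1);
// Assumed for this example: key file layout, columns ssn_enc / ssn_idx, POSIX file modes.
function load_keys(string $path): array
{
    $perms = fileperms($path);
    $raw = (string) file_get_contents($path);
    // Refuse a key file that group/other can touch or that is not 2 x 32 random bytes.
    if ($perms === false || ($perms & 0077) !== 0 || strlen($raw) !== 64) {
        throw new RuntimeException("$path must be mode 0400/0600 and hold 64 bytes");
    }
    return ['enc' => substr($raw, 0, 32), 'idx' => substr($raw, 32)];
}
function normalize_ssn(string $ssn): string
{
    $digits = (string) preg_replace('/\D/', '', $ssn);
    if (strlen($digits) !== 9) {
        throw new InvalidArgumentException('SSN must contain 9 digits');
    }
    return $digits;
}
// Randomized authenticated encryption: value for ssn_enc, different on every call.
function encrypt_ssn(string $ssn, array $keys): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox(normalize_ssn($ssn), $nonce, $keys['enc']));
}
function decrypt_ssn(string $stored, array $keys): string
{
    $blob = (string) base64_decode($stored, true);
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $plain = strlen($blob) > $n
        ? sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $keys['enc'])
        : false;
    if ($plain === false) {
        throw new RuntimeException('value truncated or modified, or wrong key');
    }
    return $plain;
}
// Deterministic keyed hash: value for the indexed ssn_idx column (WHERE ssn_idx = ?).
function ssn_index(string $ssn, array $keys): string
{
    return hash_hmac('sha256', normalize_ssn($ssn), $keys['idx']);
}
$path = tempnam(sys_get_temp_dir(), 'key');   // constructed demo key file, created 0600
file_put_contents($path, random_bytes(64));
$keys = load_keys($path);                     // SSN below is a constructed sample value
var_dump(ssn_index('078-05-1120', $keys) === ssn_index('078051120', $keys), decrypt_ssn(encrypt_ssn('078-05-1120', $keys), $keys));
unlink($path);
```

Because there are only 10^9 possible SSNs, the lookup column is only as strong as the secrecy of the index key; an unkeyed hash of the SSN could be reversed by trying every value. The lookup value is meant to be bound as a parameter of a prepared statement rather than concatenated into the SQL string.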
