Data storage security with PHP / PDO

After several hours of researching the topic of persisting stored data, I'm a little confused as to what is the best thing to do now.

I have a database for my (SSL) site where I am the only one who has access to it (hackers do not count). Login data is stored in a configuration file outside of the document root. In the database I have things like the names and addresses of my clients, and now I am worried that I need to implement all the security measures put forward by crypto experts, like in this answer (How do you encrypt and decrypt a PHP string?) or as specified here (secure storage of sensitive data in the database).

Since neither in my PDO/SQL and PHP workshops, nor in normal posts here on stackoverflow, do I see these encryption and authentication methods being used, or more specifically any clues about them when explaining PDO and PHP commands like INSERT INTO ... etc., I'm not sure whether it is now necessary to deploy encryption and authentication measures for every record in my database (is it possible to do this afterwards?). The security measures I have been told about in tutorials and articles relate to using prepared PDO statements.

If encryption and authentication is what I should be doing, is it probably not the most convenient and fastest way to just use password_verify() and password_hash() for every sensitive data input, as is done for passwords?

EDIT: password_verify() and password_hash() are hashing (not encrypting) methods, which means the data is irrevocably mutilated and can be confirmed but not read.

+3


2 answers


  • Since your web server (presumably) needs to be able to access the data, it is somewhat useless to encrypt it alone when the web server can (should) decrypt it. Why? Because the web server is often the weak link. If an attacker can gain access to it, they can do everything it can, including decrypting the data.

  • Encryption of data at rest is only useful to prevent leaks on the back channel, such as improperly handled backups (which you are doing, right, right?) that dump the data in plain text to a file that is then accidentally lost somewhere. So if you do use encryption at rest, it should be done by your database transparently to the client; that is, it is not something that you have to impose with application logic unless it is an integral part of your application, it is something the database should be concerned about.

  • password_hash is a hash, it does not encrypt the data, it irrevocably mangles it, so it is impossible to get the original from it. This is great for storing credentials that you need to confirm but not read; it is useless for anything else.

  • The main points of security are to isolate your database server "physically", that is, do not provide any access to it from anything other than the web server; be very restrictive and specific in this regard. This means the weaknesses are at entry points like your web server. Make sure your web server is locked down as much as possible, provides as little attack surface as possible (no unnecessary open ports or running services), and that your application code running on it does not allow any exploits to be used (yes, this is the complex part, it takes knowledge and discipline).

  • You can further strengthen it by separating database access into different accounts that have different permission levels; that is, some accounts have read-only access to certain tables, while others have read/write access to other tables. If you can split your web server into separate roles that only need certain limited access, it further enhances security by preventing a vulnerability in one part from enabling exploits in another.



+3
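The last bullet of this answer, the per-role database accounts, as an added example that is not code from the answer or from any project it mentions. The MySQL `CREATE USER`/`GRANT` statements are what a DBA would run once; the account names `app_reader`/`app_writer`, the host `10.0.0.5`, the database `shopdb` and the `clients` table are invented placeholders. Because MySQL accounts cannot be demonstrated offline, the runnable part uses a throwaway SQLite file opened read-only through `PDO::SQLITE_ATTR_OPEN_FLAGS` (PHP 7.3 or later) as a stand-in for the read-only role; `pdoForRole()` and the `$config` layout are assumptions of this example:

```php
<?php
declare(strict_types=1);

// Added example, not code from the answer above. It assumes MySQL for the
// GRANT statements and pdo_sqlite (PHP >= 7.3) for the offline demonstration.
// Account names, host, database and table names are invented placeholders.

// One-off DBA step: two accounts, each allowed only what its part of the
// application needs, and only from the web server's address.
$grants = <<<'SQL'
CREATE USER 'app_reader'@'10.0.0.5' IDENTIFIED BY '<reader-password-placeholder>';
CREATE USER 'app_writer'@'10.0.0.5' IDENTIFIED BY '<writer-password-placeholder>';
GRANT SELECT ON shopdb.clients TO 'app_reader'@'10.0.0.5';
GRANT SELECT, INSERT, UPDATE ON shopdb.clients TO 'app_writer'@'10.0.0.5';
-- deliberately no DELETE, DROP, FILE or GRANT OPTION for either account
SQL;

// Credentials per role belong in the config file outside the document root,
// exactly where the question already keeps its single account.
function pdoForRole(string $role, array $config): PDO
{
    if (!isset($config[$role])) {
        throw new InvalidArgumentException("unknown database role: $role");
    }
    $c = $config[$role];
    return new PDO($c['dsn'], $c['user'] ?? null, $c['pass'] ?? null, $c['options'] ?? []);
}

// Offline stand-in: SQLite has no accounts, but it can open the file
// read-only, which gives the "reader" role the same effective restriction.
$dbFile = tempnam(sys_get_temp_dir(), 'roles');
$config = [
    'writer' => [
        'dsn'     => "sqlite:$dbFile",
        'options' => [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION],
    ],
    'reader' => [
        'dsn'     => "sqlite:$dbFile",
        'options' => [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::SQLITE_ATTR_OPEN_FLAGS => PDO::SQLITE_OPEN_READONLY,
        ],
    ],
];

// The writer role sets up the table and inserts a constructed sample row.
$writer = pdoForRole('writer', $config);
$writer->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$writer->prepare('INSERT INTO clients (name) VALUES (?)')->execute(['Constructed Sample Client']);

// The reader role can SELECT but any write is refused by the database itself,
// regardless of what the application code tries to do.
$reader = pdoForRole('reader', $config);
echo 'reader can SELECT:   ', $reader->query('SELECT name FROM clients')->fetchColumn(), "\n";
try {
    $reader->exec("INSERT INTO clients (name) VALUES ('should fail')");
    echo "reader could write (unexpected)\n";
} catch (PDOException $e) {
    echo 'reader INSERT refused: ', $e->getMessage(), "\n";
}
unlink($dbFile);
```

The point of the split is that the part of the site which only renders client data (reports, listings) connects as the read-only account, so a flaw in that code path cannot be turned into a write, and a flaw in the write path still cannot drop tables or read files from the database host.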



There are different types of database encryption, and depending on what data you want to protect and why, you will be doing different things.

1) Database Level Encryption / Transparent Data Encryption

This is where your RDBMS encrypts everything for you at the file level. This means that if anyone has access to the hard drive or backup media, they should not have access to the data. See here how to do it with MySQL: https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html (note that this is not a PCI compliant solution, you will need MySQL Enterprise Edition or another enterprise database, or additional security measures for that).

Note: it does not protect your data if your application is compromised.

2) Encryption at the field level

You can encrypt the data to be stored in any field you like. Here's a good answer that addresses this: fooobar.com/questions/46833 / ...

The disadvantage of field level encryption is that you cannot query for data. In each case, you will need to pull the data into your application and then decrypt it one field at a time.

Note: it does not protect your data if your application is compromised.

Note the difference between 'encryption' and 'hashing' (password_verify and password_hash refer to hashing) ... encryption allows you to secure data, store it, and retrieve it. Hashing, by definition, prevents you from fetching the data back.

In all cases, the most important thing is to protect your application. The encryption of the underlying data is very secondary.

+3
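Field-level encryption (point 2 of this answer), the encryption-versus-hashing distinction it closes with, and the question's own concerns (prepared PDO statements, whether password_hash() is the right tool for addresses, whether encryption can be added afterwards) as one added example that is not code from the question, either answer, or the linked posts. It assumes PHP 7.2 or later with ext/sodium and pdo_sqlite, and uses an in-memory SQLite database so it runs offline; the `clients` table, its columns, the `encryptField()`/`decryptField()` helpers and the sample row are all constructed for this example:

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or either answer. It assumes
// PHP >= 7.2 with ext/sodium and pdo_sqlite, and uses an in-memory SQLite
// database so it runs offline. The table and column names are invented.

// In a real deployment the key would sit in the config file outside the
// document root, next to the database credentials; it is generated here
// only so the script is self-contained.
$key = sodium_crypto_secretbox_keygen();

// Authenticated encryption of one field: random nonce per value, nonce stored
// in front of the ciphertext, the whole blob base64-encoded for a TEXT column.
function encryptField(string $plaintext, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

// Inverse of encryptField. secretbox is authenticated, so a blob that was
// modified in the database (or encrypted under another key) is rejected
// instead of being decrypted into garbage.
function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('malformed stored value');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key or tampered value');
    }
    return $plain;
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE clients (
    id            INTEGER PRIMARY KEY,
    email         TEXT NOT NULL UNIQUE,  -- plaintext: the column we query on
    address_enc   TEXT NOT NULL,         -- encrypted: read back, never searched
    password_hash TEXT NOT NULL          -- hashed: verified, never read back
)');

// INSERT through a prepared statement (the injection defence the tutorials
// teach); encryption and hashing happen in PHP before the values are bound.
$ins = $pdo->prepare('INSERT INTO clients (email, address_enc, password_hash)
                      VALUES (:email, :addr, :pw)');
$ins->execute([
    ':email' => 'alice@example.com',                                  // constructed sample
    ':addr'  => encryptField('1 Sample Street, Exampletown', $key),   // constructed sample
    ':pw'    => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
]);

// Querying works on the plaintext column; a WHERE on address_enc would not,
// which is the "cannot query for data" limitation of field-level encryption.
$sel = $pdo->prepare('SELECT address_enc, password_hash FROM clients WHERE email = :email');
$sel->execute([':email' => 'alice@example.com']);
$row = $sel->fetch(PDO::FETCH_ASSOC);

echo 'stored blob:       ', substr($row['address_enc'], 0, 24), "...\n";
echo 'decrypted address: ', decryptField($row['address_enc'], $key), "\n";

// Hashing: the password can be confirmed but never recovered from the hash,
// which is why password_hash() is the wrong tool for an address.
echo 'right password:    ', var_export(password_verify('correct horse battery staple', $row['password_hash']), true), "\n";
echo 'wrong password:    ', var_export(password_verify('not the password', $row['password_hash']), true), "\n";

// A blob altered in the database is detected rather than silently decrypted.
$tampered = $row['address_enc'];
$tampered[10] = ($tampered[10] === 'A') ? 'B' : 'A';
try {
    decryptField($tampered, $key);
    echo "tampered blob accepted (should not happen)\n";
} catch (RuntimeException $e) {
    echo 'tampered blob rejected: ', $e->getMessage(), "\n";
}
```

Retrofitting is possible for columns that are still stored in plaintext: a one-off script reads each row, runs the value through `encryptField()` and writes it back with an UPDATE through a prepared statement, after which the plaintext column is dropped. It is not possible for anything already passed through `password_hash()`, since a hash cannot be turned back into the original value. The `decryptField()` failure path matters in practice: because secretbox authenticates the ciphertext, a modified or foreign blob raises an exception instead of returning a plausible-looking wrong address, so the application should treat that exception as an integrity alarm, not as a missing value.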

