
Thread: Handling Secure Data

  1. #1

    Thread Starter
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    9,420

    Handling Secure Data

    A little bit of background, I'm in the insurance industry which is heavily regulated. I have had several agents approach me about building them CRM websites, which I have done in the past without including sensitive data such as driver's license numbers, social security numbers, etc. and so the only thing that I've had to use in the past is PHP's built-in encryption for passwords (more specifically the password_hash function).

    Now I've been approached to build a CRM website by an insurance company, not an individual agent, but the company, for all of their agents. I still won't need to store driver's license numbers or social security numbers, however they do want the customer's basic information such as their phone numbers and addresses to be secure. Since the fields should ultimately be decrypted, I figured that I would use MySQL's AES_DECRYPT and AES_ENCRYPT functions. But since I've never had to deal with encrypting data before, I wanted to ask here how this would work.

    What I don't understand is how to create and use the secure key for the respective AES functions. If I'm hard-coding the key in the PHP file, it seems like my entire encryption would be at risk if someone got their hands on the individual PHP file by simply finding the SQL query and getting the key from the value passed in the MySQL parameter.

  2. #2
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    31,773

    Re: Handling Secure Data

    Get a site certificate, run everything over HTTPS. Don't put the key in the PHP file, but in the database; the sprocs can then locate it and use it as needed. Everything stays on the server.

    -tg
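
An added example, not code from either post: one way to address the hard-coded key concern raised in the question is to load the key from outside the source and encrypt each field in PHP before it reaches MySQL. It uses PHP's `openssl_encrypt` with AES-256-GCM in place of MySQL's `AES_ENCRYPT`, and assumes the key is supplied as base64 in an environment variable; `CRM_FIELD_KEY`, the function names and the sample values are hypothetical.

```php
<?php
// Added example. CRM_FIELD_KEY is a hypothetical name: base64 of 32 random bytes set in
// the server environment or a secrets manager, outside the web root and the repository.
function loadFieldKey(): string
{
    $encoded = getenv('CRM_FIELD_KEY');
    $key = is_string($encoded) ? base64_decode($encoded, true) : false;
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('CRM_FIELD_KEY missing or not 32 bytes');
    }
    return $key;
}

// $context (e.g. "customers.phone:42") is bound as AAD, so a ciphertext copied into
// another row or column fails authentication on decrypt.
function encryptField(string $plaintext, string $context, string $key): string
{
    $iv = random_bytes(12); // fresh 96-bit nonce for every value
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // store this string in the column
}

function decryptField(string $stored, string $context, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed: wrong key, context or altered data');
    }
    return $pt;
}

// Constructed demo: a random key stands in for the real environment so this runs as-is.
putenv('CRM_FIELD_KEY=' . base64_encode(random_bytes(32)));
$key = loadFieldKey();
$stored = encryptField('555-0100', 'customers.phone:42', $key);
echo decryptField($stored, 'customers.phone:42', $key), PHP_EOL;
try {
    decryptField($stored, 'customers.phone:43', $key); // same ciphertext, different row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because encryption happens in PHP, the key never appears in a SQL statement, so it is absent from both the query text in the source file and MySQL's query logs.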
