php - What is the best practice for using AES_ENCRYPT and how secure is it? -


i have been asked research on how form submission data can encrypted , ensure stored securely in database. form submission contain personal details employees , these must kept secure.

i have come across aes_encrypt() during research , have managed apply function stores data in database.

example sql statement used:

"insert employee (firstname) values (aes_encrypt('$name', '$encryption_key'))"

however, have limited knowledge in area , not sure if sufficient enough protection prevent data being hacked. level of security provide? there have missed or technique use improve implementation?

additionally, have stored encryption key in separate php file not know recommended way store is. advice on appreciated.

sorry if question vague or quite broad. complete beginner in area. happy provide more information if needed.

aes (rijndael) crypto pretty doggone secure. in practice, unless data tremendously valuable, can consider secure. unless actor vast resources decides want crack encryption, nobody will.

but it's symmetric. uses same key encrypt , decrypt stuff. so, can consider secure key.

your key insecure. if cybercreep cracks server running php code, access key. , gives them access encrypted data. , have bright neon road sign saying "here's data think sensitive."

don't forget security depends on weak link. it's considered smarter use money , time secure server, rather use symmetric encryption on few columns of dbms. in other words, respect, you're wasting time doing column based encryption.

if absolutely must encrypt data @ rest, should consider using asymmetric (public / private key) cryptosystem. encrypt stuff using public key, , keep private key on airgapped secure system in case need decrypt data.

your example (first name) isn't sensitive enough worth trouble.


Comments

Post a Comment

Popular posts from this blog

inversion of control - Autofac named registration constructor injection -

does autofac support specifying registration name in components' constructors? example: ninject's namedattribute . you need use autofac.extras.attributed package on top achieve this so let's have 1 interface , 2 classes: public interface ihello { string sayhello(); } public class englishhello : ihello { public string sayhello() { return "hello"; } } public class frenchhello : ihello { public string sayhello() { return "bonjour"; } } then have consumer class, in want select instance injected: public class helloconsumer { private readonly ihello helloservice; public helloconsumer([withkey("en")] ihello helloservice) { if (helloservice == null) { throw new argumentnullexception("helloservice"); } this.helloservice = helloservice; } public string sayhello() { return this.helloservice.sayhello()...
Read more

verilog - Systemverilog dynamic casting issues -

i've code snippet following in testbench function void write_to_port( my_data_type_base data ); my_data_type_extended data_ext; if(!$cast(data_ext, data)); `uvm_error(get_type_name(), "failed cast"); `uvm_info(get_name(), $psprintf("data_ext :\n%s", data_ext.sprint()), uvm_medium) // write data_ext out port.... endfunction when run it, i'm getting uvm_error "failed cast." i'm not quire sure why $cast not returning 1. can see, i'm printing out extended class data item after casting uvm_info. can see it's being cast properly. if don't use $cast if condition, don't runtime error. isn't coding practice use if dynamic cast check if $cast returning 1 ? what might reason behind cast not returning 1 in above case? i think semicolon on line 'if' not belong? i think consumes if statement, , uvm_error executes regardless of how if evaluates: if(!$cast(data_ext, data)); <- no semico...
Read more

ios - Change Storyboard View using Seague -

i have following code checks connection server, , depending on want change views if no connection found. nsstring *connect = [nsstring stringwithcontentsofurl:[nsurl urlwithstring:@"http://myserver.com"] encoding:nsutf8stringencoding error:nil]; if (connect == null) { [self performseguewithidentifier:@"network_failure" sender:self]; } else { // other code here } my problem not change views. have added storyboard segue between 2 views identifier of network_failure . not have navigation controller or that, problem? thanks help! no not problem. first of all, in objectivec exists nil object oriented null . must use that. so: if(connect == nil) or better: if(!connect) so due fact nil not same of null , probably code does't enter in if scope . you have been able discover breakpoint. anyway: be sure set trigger segue (line) 2 view controller , , name network_failure (that not best name. should instead view1toview2 ) as, m...
Read more