Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Best Way to Encrypt Customer Information in My Company's MySQL DB? [closed]

Tags:

security

php

mysql

encryption

People also ask

How do I encrypt an entire MySQL database?

To enable encryption for the mysql system tablespace, specify the tablespace name and the ENCRYPTION option in an ALTER TABLESPACE statement. mysql> ALTER TABLESPACE mysql ENCRYPTION = 'Y'; To disable encryption for the mysql system tablespace, set ENCRYPTION = 'N' using an ALTER TABLESPACE statement.

Does MySQL encrypt data-at-rest?

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physical files of the database. Data is encrypted automatically, in real time, prior to writing to storage and decrypted when read from storage.

What is the best method of applying encryption to the sensitive data without any downtime?

Symmetric Encryption uses OpenSSL to encrypt and decrypt the data which means we are able to use any of the algorithms supported by OpenSSL. We used aes-256-cbc which is also the recommended default algorithm.

Is MySQL client encrypted?

MySQL supports encrypted connections between clients and the server using the TLS (Transport Layer Security) protocol. TLS is sometimes referred to as SSL (Secure Sockets Layer) but MySQL does not actually use the SSL protocol for encrypted connections because its encryption is weak (see Section 6.3.

There is a very good writeup on how to do this with MySQL here: http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/.

You'll want to use AES with 256bit keys, as that is the prevailing best-practice/standard right now. 256bit AES keys are considered to be of sufficient size to be secure against modern computing power.

It's a good idea, regardless of if you think it's overkill or not, to encrypt your database. Even if the data isn't horribly sensitive, the loss of customer records can be very embarrassing to your company, at the very least, and could adversely affect customer confidence and people's willingness to hand over their data in the future. Encrypting the full contents of your database may not be industry-standard right now but trends are moving that way and it cannot hurt you to adopt a stronger security posture. If nothing else, think of it as another entry in your Defense-In-Depth implementation.

I would also recommend you check this article out - http://www.symantec.com/connect/articles/secure-mysql-database-design - as it provides a good, fairly basic, introduction to secure database system design that should give you some pointers on other things to check for your application.

Related questions

How to use Elastic Search on top of a pre-existing SQL Database?
How to insert into MySQL using a prepared statement with PHP [duplicate]
Push notifications from server to user with PHP/JavaScript
CodeIgniter, models, and ORM, how to deal with this?
Simple cross-browser, jQuery/PHP file upload with progress bar [closed]
Speeding up CakePHP
Best PHP client library for accessing RabbitMQ (AMQP)?
PHP static variables in double quotes
PHP "or" Syntax
Does mysql_real_escape_string() FULLY protect against SQL injection?
PHP local server Invalid request (Unexpected EOF)
Best way to document (phpdoc) generators (methods that yield)
codeigniter, result() vs. result_array()
PHP array performance
PHP: what's an alternative to empty(), where string "0" is not treated as empty? [duplicate]
Apache is "Unable to initialize module" because of module's and PHP's API don't match after changing the PHP configuration
PHP-friendly NoSQL solutions [closed]
a better approach than storing mysql password in plain text in config file?
C# SHA-1 vs. PHP SHA-1...Different Results?
Storing Credit Card Numbers in SESSION - ways around it?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!