0

A client has an online job application form that will be collecting social security numbers for a background check. Right now we are using RSForm Pro and Joomla 1.5. I have it set up so that the form is using SSL and the ssn field is a password field (not that it really does anything), but there is no encryption on the database side. I checked with RSJoomla (the maker of RSForm) and they said there is no default capability for this. I looked at the way the database is set up, and it's a bit odd.

My question is this- is anyone familiar with how RSForm works enough to tell me where to begin trying to encrypt/decrypt a particular field (or all of them, if that's easier)?

And how is the best way to go about this? From what I've gathered I should use AES and probably some salt.

kaitlynjanine
  • 63
  • 9
  • Read this (http://stackoverflow.com/questions/8123382/t-sql-aes-encryption-vs-hashing-salting-for-logging-in-users-to-website ) stack overflow question about using AES vs. salt – George Wilson Nov 06 '12 at 15:44

1 Answers1

0

You're right, AES would be a good method.

I have never seen the code used for RSForms so can't give you an exact answer.

The syntax used for AES encryption and decryption are:

AES_ENCRYPT(str, key_str);
AES_DECRYPT(crypt_str,key_str);

So to insert a data field into your database, would be something like this:

$key = 'ASKSDFNSDFKEISDJAHDLDSDF1235UUUiidfsdf'; 
INSERT INTO #__tablename VALUES (AES_ENCRYPT($_POST['social_security_number'],$key));

Please always try things like this on a localhost before you integrate it on your live site.

Lodder
  • 19,758
  • 10
  • 59
  • 100
  • Thanks. Is there a method to auto-generate the key, or would I set the variable within the code like you show? Do I not need to worry about salt for this? We always use a development server- better to be safe than sorry! – kaitlynjanine Nov 06 '12 at 16:53
  • No, it's not automatically generated. It's a shared secret key. You can use a salting method aswell if you want as it will increase the security. – Lodder Nov 06 '12 at 17:12
  • Thanks for your help- much appreciated. I've never salted before and can't find much help online. Can you point me in the right direction? – kaitlynjanine Nov 06 '12 at 17:58