I would like to save a secure string in a DB for later usage. For example, save a password for a Facebook app or similar. I have to save it to the DB because of many users and different passwords. Can I use OpenSSL with the AES method, or do I have to use Libsodium?
-
Are you going to store people's Facebook passwords in your database? You should _not_ do that, encrypted or not. You shouldn't even ask for it, and it should _never_ go through your site. Rethink your strategy instead. – M. Eriksson Feb 19 '17 at 17:12
-
I think he wants to store the token in the database, which FB returns from OAuth 2.0, and is asking how to securely use prepared statements. In that case, [you can look at this question.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jaquarh Feb 19 '17 at 17:14
-
Facebook is just for explanation. How do you store this type of data? Not a user password. An App Secret, for example. – Robert Mulinsky Feb 19 '17 at 17:15
-
You should tell us what you're actually going to store, since it matters when thinking about how to do it. Sometimes you need to encrypt data (and be able to decrypt it), sometimes you need to hash data (like when handling users' passwords) etc. If you need to encrypt data, you should investigate different existing libraries (that use proper private keys, like SSH keys etc) instead of rolling your own. Security and encryption is no easy task to get right yourself. It is easy to mess it up, though. – M. Eriksson Feb 19 '17 at 17:22
-
OK. I would like to store the APP SECRET for a Facebook app in the database. I was thinking that just storing it as it is in the DB is not safe. When you use the app you need this string. So I need encryption and decryption rather than a hash, I think. – Robert Mulinsky Feb 19 '17 at 17:25
-
If you are going to store the Facebook app_secret in a database, chances are you can do it in a better way. Because you need to decrypt the data to use it at the app level, whoever breaks into your app is going to get it anyway. If you must store them in the DB, I suggest getting a decent sys/DB admin to configure your database securely, or encrypting the DB. – Anzel Feb 23 '17 at 11:51
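Added example, not part of the thread: reversible storage of an app secret using authenticated encryption from PHP's bundled sodium extension, with the key kept outside the database and the row identifier bound as associated data. The environment variable `SECRET_STORE_KEY`, the function names, the row ids and the sample secret are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the 32-byte key lives outside the database (environment variable,
// secrets manager, key file readable only by the app). SECRET_STORE_KEY is a
// hypothetical variable name holding the key as base64.
function loadKey(): string
{
    $b64 = getenv('SECRET_STORE_KEY');
    if ($b64 === false) {
        // Demo only: throwaway key so the script runs stand-alone.
        return sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
    }
    $key = sodium_base642bin($b64, SODIUM_BASE64_VARIANT_ORIGINAL);
    if (strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('Key must be 32 bytes');
    }
    return $key;
}

// Returns base64(nonce || ciphertext+tag), suitable for a TEXT/VARCHAR column.
// $rowId is associated data: a value copied into another row fails to decrypt.
function sealSecret(string $plaintext, string $rowId, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $rowId, $nonce, $key);
    return sodium_bin2base64($nonce . $ct, SODIUM_BASE64_VARIANT_ORIGINAL);
}

function openSecret(string $stored, string $rowId, string $key): string
{
    $raw = sodium_base642bin($stored, SODIUM_BASE64_VARIANT_ORIGINAL);
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if (strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        throw new RuntimeException('Stored value too short');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($raw, $n), $rowId, substr($raw, 0, $n), $key);
    if ($pt === false) {
        throw new RuntimeException('Decryption failed: wrong key, wrong row, or modified data');
    }
    return $pt;
}

// Constructed sample values: round trip for one row, then a mismatched row id.
$key = loadKey();
$stored = sealSecret('constructed-example-app-secret', 'app:42', $key);
var_dump(openSecret($stored, 'app:42', $key) === 'constructed-example-app-secret');
try { openSecret($stored, 'app:43', $key); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

This protects the column against a database-only leak (SQL dump, backup, read-only injection); a compromise of the application host that also holds the key still exposes the secret, as the last comment points out.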