0

All the columns (fields) of the table are encoded when saved, how do query(comparison and search tasks).how is this possible? (when i use encodeString() method in laravel just can decode then do something on(in this way if data is big what do) and when use hash method, just can compare it is equal or not like password and can not decode and show).

And is there a better way to protect database information assuming that someone accesses the database?

how can I implement that in laravel or php?

Martin
  • 22,212
  • 11
  • 70
  • 132
isa bagheri
  • 1
  • 2
  • If encoded data will need to be decoded to compare it, or encoded the same data, depends what it is. Encryption/hashing can be used for data storage. This is a broad topic, have you researched it? – user3783243 Oct 24 '22 at 13:29
  • using the same encoding method, you need to encode your parameters when querying your tables. – didene tahi Oct 24 '22 at 13:33
  • Almost by definition you can not "search" encrypted data. It is also important to note **what exactly are you protecting your data from?** because the answer to this question will heavily guide how you protect your data in the DB. – Martin Oct 24 '22 at 13:50

1 Answers1

0

Encryption and Hashing

There are two types of things one is encryption. In that case you give encryption key to encrypt data and same key to decrypt data. If you are using that, you can decrypt data after fetching from DB and compare it.

Other is Hashing. In it your data is hashed by a hashing function. In it data is hashed and its hash will be stored in DB. Passwords are stored in this way. and you cannot get data back from hash. you can create a data hash and compare it with hashes stored in DB.

In other words. Hashing is one way. You can create Hash from data but not data from Hash.

If you use encryption it will increase your system processing too much and if you use Hashing you need to have your data in hands to process it you cannot just retrieve it from DB.

Usman Khan
  • 56
  • 8
  • All data should be encrypted. In a perfect system, the data is always encrypted so that only verified connections can access it. There is no real reason to question this; like someone questioning why there's a pin code on your bank card or why you lock your front door – Martin Oct 24 '22 at 13:47
  • Thanks @Martin But I think no one encrypts everything in DB then only encrypt sensitive data. Like passwords pin codes etc. – Usman Khan Oct 24 '22 at 13:52
  • "But I think no one encrypts everything in DB" . This is beside the point. How do you know what you think is correct? Just because no one does it, does that make it wrong? Once (A long time ago) no one ate bread, does that mean baking bread is wrong? I myself use fully encrypted databases and I know others who use fully encrypted databases due to the types of data being handled in some situations.... Just because you don't (either through lack of need or lack of understanding) doesn't mean that *no one* should. – Martin Oct 24 '22 at 13:55
  • For further reading you may wish to [explore here](https://stackoverflow.com/questions/46001354/encryption-at-rest-and-or-aes-encrypt/46007406#46007406) as well as the entire [Information Security Stack Exchange](https://security.stackexchange.com/) – Martin Oct 24 '22 at 13:58