
I am writing a web application (in PHP) at the moment that holds sensitive information about users on it, but in order to comply with the DPA, I want it to be fully encrypted, as it's running on a shared server. This information is then provided to specific users who have been identified outside.

And although I am confident of securing the way the data is distributed, and mostly confident of the server company, I just want reassurance.

I was wondering if anyone had any ideas of how to encrypt the data that is stored with a key that is also secure. I know it could be obfuscated, or masked in some way, but that could be used. Yes, it's probably a bit overkill, but I need to be certain of it.

Christian Rau
topherg
  • Is it feasible to have the clients encrypt the data before sending it to you? The client owns the key and thus you never have any access to the personal information. – sarnold Nov 21 '11 at 00:55
  • Can't the decryption key be taken right out of the app if it's running on the same shared server? – jli Nov 21 '11 at 00:55
  • @sarnold The data is sent via HTTPS. With having a private key, it needs to be accessible from within the system (by trusted individuals); sorry, should have said that – topherg Nov 21 '11 at 01:25
  • @jli How do you mean? It's all in PHP, so the scripts would still be visible – topherg Nov 21 '11 at 01:25

2 Answers


Don't store the key in the system. Store the key outside the system (a piece of paper, some other system, etc.). Supply the key to the system when you initialize it and have the system keep it in memory the whole time.

necromancer
  • I was thinking of having a key generator on a separate server that gets the passwords. But that sounds cool; would that be possible with PHP though? If possible, it sounds nifty – topherg Nov 21 '11 at 01:29
  • At least the Apache startup routine can do this if your X509 certs are password-protected -- prompt at startup for the password. It does mean a _human_ has to be there to start servers, but it might be nice to force an attacker to suck a key out of memory rather than just reading it from a file. Small hurdles, you know. – sarnold Nov 21 '11 at 01:30
  • That sounds like it would work, only I don't have access to the servers at that level. How could you set up Apache to do that? – topherg Nov 21 '11 at 01:32
  • I'd do it at the app level. It is easier if you are in control of the entire codepath, as opposed to using cert storage infrastructure, which needs learning, and I am always scared of the cert storage password being cracked by an intruder. In my own Tomcat .war based product the database passwords are the secret, and the way I do it is that a filter takes the user to an initialization page for entering DB passwords IF a DB connection is not found in the servlet context. There is an additional password to restrict who can enter a DB password. Thus system initialization security is at the app level. – necromancer Nov 21 '11 at 03:31
  • @agksmehx So not really PHPable without recompiling PHP to get the code at startup, but cheers, useful – topherg Nov 21 '11 at 16:27
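The pattern from this answer and its comments (key supplied once by a human at initialisation, kept only in memory, and a filter that sends requests to an initialisation page while the key is absent) can be done at the PHP application level without touching Apache. The following is an added example, not code from the question or from any of the answerers. It assumes ext/sodium (bundled with PHP since 7.2) and the APCu extension are loaded, and that PHP runs in a long-lived pool (php-fpm or mod_php) so APCu's shared memory outlives a single request; the `/init` route, the `INIT_PW_HASH` environment variable and the `key.salt` file are hypothetical names chosen for the example.

```php
<?php
// Added example (not from the original page): "supply the key at initialisation,
// keep it only in memory", done at the PHP application level.
// Assumptions (not from the page): ext/sodium and APCu are loaded; PHP runs in a
// persistent pool so APCu shared memory survives between requests. The route name,
// the environment variable and the salt file path are hypothetical.
declare(strict_types=1);

const KEY_SLOT  = 'app.data_key';          // APCu slot holding the raw 32-byte data key
const SALT_FILE = __DIR__ . '/key.salt';   // public, non-secret KDF salt (hypothetical path)

// Hash of the extra password that restricts who may initialise the system,
// produced once with password_hash() and supplied via the environment.
function operatorPasswordHash(): string
{
    return getenv('INIT_PW_HASH') ?: '';
}

// The salt is not secret; it only has to be stable so the same passphrase
// always derives the same key.
function keySalt(): string
{
    $salt = is_file(SALT_FILE) ? (string) file_get_contents(SALT_FILE) : '';
    if (strlen($salt) !== SODIUM_CRYPTO_PWHASH_SALTBYTES) {
        throw new RuntimeException('key.salt missing or wrong length');
    }
    return $salt;
}

// Step 1, done by a human once after every server (re)start: derive the data key
// from the passphrase and park it in shared memory. The key never touches a file
// or a database row; the passphrase and the local copy of the key are wiped.
function initialise(string $operatorPassword, string $passphrase): bool
{
    if (!password_verify($operatorPassword, operatorPasswordHash())) {
        return false;                       // not allowed to initialise
    }
    $key = sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $passphrase,
        keySalt(),
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,  // raise both limits for production
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
    $stored = apcu_store(KEY_SLOT, $key);   // APCu keeps its own copy in shared memory
    sodium_memzero($passphrase);
    sodium_memzero($key);
    return $stored;
}

function dataKey(): ?string
{
    $key = apcu_fetch(KEY_SLOT, $found);
    return $found ? $key : null;
}

// Step 2, the "filter": any request that needs the data is redirected to the
// initialisation page while the key is absent (e.g. right after a restart).
function requireDataKey(): string
{
    $key = dataKey();
    if ($key === null) {
        header('Location: /init', true, 302);   // hypothetical route
        exit;
    }
    return $key;
}

// Step 3: a stored record is nonce || secretbox(plaintext); the MAC inside the
// box makes tampering with the ciphertext on disk detectable.
function sealRecord(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

function openRecord(string $stored, string $key): ?string
{
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($stored) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;                        // truncated, not a sealed record
    }
    $plain = sodium_crypto_secretbox_open(substr($stored, $n), substr($stored, 0, $n), $key);
    return $plain === false ? null : $plain; // false: wrong key or modified ciphertext
}

// Self-check from the CLI (APCu needs apc.enable_cli=1 there). Constructed sample data.
//   INIT_PW_HASH="$(php -r 'echo password_hash("operator-pw", PASSWORD_DEFAULT);')" \
//   php -d apc.enable_cli=1 this_file.php
if (PHP_SAPI === 'cli') {
    if (!is_file(SALT_FILE)) {
        file_put_contents(SALT_FILE, random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES));
    }
    if (!initialise('operator-pw', 'correct horse battery staple')) {
        throw new RuntimeException('initialisation refused (check INIT_PW_HASH)');
    }
    $key    = requireDataKey();
    $record = 'dob=1980-01-01;note=constructed sample';   // constructed, not real data
    $sealed = sealRecord($record, $key);
    if (openRecord($sealed, $key) !== $record) {
        throw new RuntimeException('round trip failed');
    }
    $last = strlen($sealed) - 1;                          // flip one ciphertext bit
    $sealed[$last] = chr(ord($sealed[$last]) ^ 1);
    if (openRecord($sealed, $key) !== null) {
        throw new RuntimeException('tampered record was accepted');
    }
    echo "ok\n";
}
```

What this buys, and what it does not: the only things on disk are the salt and the ciphertext, so someone who copies the hosting account's files gets nothing usable, and after every restart a human has to visit the initialisation page, as sarnold's comment says. The key still lives in the memory of the PHP pool, which is exactly jli's objection: anything else running in that same pool (on shared hosting, possibly other tenants, and certainly the hosting provider) can read it, so the pattern raises the bar from reading a file to dumping process memory rather than removing the trust in the server company. It also does not work for one-off CLI or CGI PHP, where no process survives to hold the key, which is the limitation the last comment above runs into.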

Send the information to the system encrypted. The key should be in the hands of the user. Decrypt the information at the user's computer.

ilhan