Level 34
For obvious security reasons (if your logic demands it that way) you can encrypt any type of data , just be sure to make data base fields length accordingly. Generally speaking only passwords are encrypted.
May 8, 2015
4
Level 4
Encrypting more than user password
Hey guys, it just occurred to me that if it is a good idea to encrypt the user password, wouldn't it be a good idea to encrypt the last name and street address as well? That way if someone gains access to your database the data is unusable unless the perpetrator has a way of decrypting the data.
Is there a 'best practices' regarding the encryption of database fields. If I am way off base please explain.
Thanks. Happy Friday!
Level 65
You'd obviously need a way of decrypting so if they have access to the database, they can probably see where and how to decrypt that data. I would worry about securing the server/code before trying to encrypt that sort of data, obviously nothing is 100% secure all of the time but seems a bit extreme.
1 like
Level 12
@csuarez Try this http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/
Copied from that site:
"Sometimes clients want that the information they collected from the user should be encrypted and stored in database. Data encryption and decryption is a common technique for secured data. In this article I’ll show how could you use mysql’s built in function to encrypt and decrypt data.
Suppose you’ve a table where you want to encrypt user’s name & address. So look below the structure of the table. In this table we will store name and address as encrypted."
...check the link :D
-edit- And this might interest you as well http://www.symantec.com/connect/articles/secure-mysql-database-design
2 likes
Level 4
thanks @xsmall. I will give this a try.
Please or to participate in this conversation.