在PHP中使用AES加密时，密码应该存储在哪里? [英] Where should one store the cipher key when using AES encryption with PHP?

问题描述

我正在我的Web应用程序中实现AES-256位加密:

I am implementing AES-256 bit encrpytion in my web app:

http://www.utoxin.名称/2009/07/automatic-db-field-encryption-in-cakephp/

其中一个步骤说将使用的密码和密钥存储在boostrap文件中.但是，是什么阻止了某人使用PS或其他东西扫描文件系统并解密数据呢?

One of the steps says to store the cipher used and key in a boostrap file. But what is stopping someone from scanning the file system with PS or something and decrypting the data?

保护数据的最佳方法是什么?

What is the best way to secure the data?

推荐答案

如果某人可以访问您服务器硬盘上的所有文件，则所有选择都将关闭.这样，您就无法保护数据，因为您的Web应用仍然必须能够访问它.

If someone has access to all files on the hard drive of your server, all bets are off. There is no way you can protect your data then, because your webapp still has to be able to access it.

此加密只会保护您免受可以访问数据库但不能访问文件系统(例如文件系统)的攻击者的侵害.通过SQL注入.即使在这种情况下，他们也可能能够读取数据:根据特定的泄漏，webapp可能会为他们高兴地解密数据！

This encryption will only protect you from attackers who can access the database, but not the file system, e.g. through SQL injection. And even in that case they may be able to read the data: depending on the particular leak, the webapp might happily decrypt it for them!

这篇关于在PHP中使用AES加密时，密码应该存储在哪里?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！