Mysql encryption / storing sensitive data


Problem description






I have the following in place for my PHP website:

  • SSL enabled
  • Cookies :

    session_set_cookie_params($cookieParams["lifetime"], 
    $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    

  • Passwords SHA512 on transit, then password_hash() and finally PASSWORD_BCRYPT

  • Mysqli Prepared statements
  • Inputs all sanitized when INSERTING / UPDATE into Mysql
  • htmlentities etc. used to avoid XSS where possible.

I'm now looking to use AES_Encrypt function to encrypt sensitive data by having the $key to encrypt and decrypt stored outside the webroot directory.

This could potentially store patient data, does what I have in place seem secure enough?


Question:

How are you sanitizing the inputs when you INSERT/UPDATE? If you're using Prepared Statements, you should not escape the data manually as well.

Answer:
example:

  $firstname = ucwords(filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING));

Solution

I have always understood NOT TO USE MySQL's built-in encryption functionality because the point of encryption of data at rest (in the SQL) is that if the server is compromised, the data is not at [as much] risk.

The problem with the MySQL built-in functionality is that it doesn't apply to when the data is passed to and from the "at rest" state, so the plaintext of any data can be recorded in MySQL logs (and elsewhere on the storage system; for example, query lookups are not encrypted, so you can deduce column values from numerous lookups and their count results) before/as it is encrypted. You can read more about this here.

Regarding encryption, you should use some tried and tested library like defuse/php-encryption.

From what I've read in my own research on this topic, the link provided by Magnus to defuse/php-encryption is one of the best ways of preventing MySQL ever causing you to compromise your data, by never letting the MySQL program/server ever see the plaintext value of your data.
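
The approach recommended above, encrypting in PHP so that MySQL only ever receives ciphertext, as an added example (not code from the original posts). It assumes defuse/php-encryption v2 installed via Composer; the `patients` table, the key file path and the function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Assumes defuse/php-encryption v2 (Composer) and a hypothetical
// table: patients(id INT AUTO_INCREMENT PRIMARY KEY, diagnosis TEXT NOT NULL)
require __DIR__ . '/vendor/autoload.php';
use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
// Hypothetical path outside the webroot; the file holds the string produced once
// by Key::createNewRandomKey()->saveToAsciiSafeString().
const KEY_FILE = '/etc/myapp/patient-data.key';

function loadKey(): Key
{
    $ascii = file_get_contents(KEY_FILE);
    if ($ascii === false) {
        throw new RuntimeException('cannot read key file');
    }
    return Key::loadFromAsciiSafeString(trim($ascii));
}

// Encrypt in PHP: the statement MySQL receives (and may log) holds only ciphertext.
// Contrast: "VALUES (AES_ENCRYPT(?, ?))" sends both plaintext and key to the server.
function storeDiagnosis(mysqli $db, Key $key, string $diagnosis): int
{
    $ciphertext = Crypto::encrypt($diagnosis, $key); // authenticated, hex-encoded
    $stmt = $db->prepare('INSERT INTO patients (diagnosis) VALUES (?)');
    $stmt->bind_param('s', $ciphertext);
    $stmt->execute();
    return (int) $db->insert_id;
}

function fetchDiagnosis(mysqli $db, Key $key, int $id): ?string
{
    $stmt = $db->prepare('SELECT diagnosis FROM patients WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($ciphertext);
    if (!$stmt->fetch()) {
        return null; // no such row
    }
    try {
        return Crypto::decrypt($ciphertext, $key);
    } catch (WrongKeyOrModifiedCiphertextException $e) { // tampered row or wrong key
        throw new RuntimeException("integrity check failed for patient $id", 0, $e);
    }
}
```

Because each encryption uses fresh randomness, equal plaintexts produce different ciphertexts, so the encrypted column cannot be searched or compared with `WHERE diagnosis = ?`.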
