是否值得在数据库中加密电子邮件地址? [英] Is it worth encrypting email addresses in the database?

问题描述

我已经在使用 salted hashing 将密码存储在我的数据库中，这意味着我应该不受彩虹表 攻击.

I'm already using salted hashing to store passwords in my database, which means that I should be immune to rainbow table attacks.

不过，我有一个想法:如果有人确实掌握了我的数据库怎么办?它包含用户的电子邮件地址.我真的无法对这些进行哈希处理，因为我将使用它们来发送通知电子邮件等.

I had a thought, though: what if someone does get hold of my database? It contains the users' email addresses. I can't really hash these, because I'll be using them to send notification emails, etc..

我应该加密它们吗?

推荐答案

Bruce Schneier 对这类问题的反应很好.

Bruce Schneier has a good response to this kind of problem.

密码学不能解决您的安全问题.它可能是解决方案的一部分，也可能是问题的一部分.在许多情况下，密码学一开始会使问题变得更糟，而使用密码学是否是一种改进并不清楚.

Cryptography is not the solution to your security problems. It might be part of the solution, or it might be part of the problem. In many situations, cryptography starts out by making the problem worse, and it isn't at all clear that using cryptography is an improvement.

从根本上加密您在数据库中的电子邮件以防万一"并不能真正使数据库更安全.数据库的密钥存储在哪里?这些密钥使用什么文件权限?数据库是否可以公开访问?为什么?这些帐户有哪些帐户限制?机器存放在哪里，谁可以物理访问这个盒子?远程登录/ssh访问等怎么样等

Essentially encrypting your emails in the database 'just in case' is not really making the database more secure. Where are the keys stored for the database? What file permissions are used for these keys? Is the database accesable publically? Why? What kind of account restrictions are in place for these accounts? Where is the machine stored, who has physical access to this box? What about remote login/ssh access etc. etc. etc.

所以我想如果你愿意，你可以加密电子邮件，但如果这是系统安全的程度，那么它真的没有多大作用，实际上会使维护数据库的工作变得更加困难.

So I guess you can encrypt the emails if you want, but if that is the extent of the security of the system then it really isn't doing much, and would actually make the job of maintaining the database harder.

当然，这可能是您系统广泛安全策略的一部分 - 如果是这样那就太好了！

Of course this could be part of an extensive security policy for your system - if so then great!

我并不是说这是个坏主意 - 但是为什么要在 Deadlocks'R'us 的门上锁上一把锁，当他们可以切割门周围的胶合板时，它们的价格为 5000 美元?或者从你打开的窗户进来?或者更糟糕的是，他们找到了留在门垫下的钥匙.系统的安全性取决于最薄弱的环节.如果他们拥有 root 访问权限，那么他们几乎可以做他们想做的事.

I'm not saying that it is a bad idea - But why have a lock on the door from Deadlocks'R'us which cost $5000 when they can cut through the plywood around the door? Or come in through the window which you left open? Or even worse they find the key which was left under the doormat. Security of a system is only as good as the weakest link. If they have root access then they can pretty much do what they want.

史蒂夫·摩根指出即使他们无法理解电子邮件地址，他们仍然会造成很多伤害(如果他们只有 SELECT 访问权限，则可以减轻)

Steve Morgan makes a good point that even if they cannot understand the email addresses, they can still do a lot of harm (which could be mitigated if they only had SELECT access)

了解您完全存储电子邮件地址的原因也很重要.我可能有点过火了 this answer，但我的观点是您真的需要为帐户存储电子邮件地址吗?最安全的数据是不存在的数据.

Its also important to know what your reasons are for storing the email address at all. I might have gone a bit overboard with this answer, but my point is do you really need to store an email address for an account? The most secure data is data that doesn't exist.

这篇关于是否值得在数据库中加密电子邮件地址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！