在数据库中存储用户电子邮件地址的最好和最安全的方法是什么？ [英] What is the best and safest way to store user email addresses in the database?

问题描述

出于安全考虑，在将用户电子邮件发送到数据库之前是否值得加密？

From security reasons, is it worth encrypting user emails before putting them into the database?

我知道我们的哈希和盐密码，但这是另一个故事，因为我们不真的需要密码原件。使用电子邮件是不同的。

I know we hash and salt passwords but that's another story as we do not really need password originals. With emails it is different.

知道解密密钥无论如何都会靠近数据库，加密电子邮件是否有意义？我想如果有人进入系统，他们也会找到关键，如果不是最终的。

Knowing that the decryption key will anyway be somewhere close to the database, does it make sense to encrypt emails? I suppose if someone gets into the system, they will find the key as well, if not immediately then eventually.

最佳做法是什么？如果我运行自己的服务器，而不是在共享/虚拟主机上，是否还有其他选项？

What are the best-practices? Are there any other options available if I run my own servers and not on a shared/virtual hosting?

编辑：我打算使用SQL Server。不，没有安全要求的企业软件，只是我想到的一些娱乐网站。

I intend to use SQL Server. And no, it is no corporate software with security requirements, just some entertainment site I have in mind.

推荐答案

如果你是将来需要使用电子邮件地址，那么您必须以纯文本形式存储。

If you're going to need the email address in the future, then you'll have to store them in plain text.

您可以加密它们，但是，这是有效的在这种情况下，通过晦涩的安全。基本上，如果您的应用程序的外围设备安全，则其中的数据可以是纯文本。加密这里增加了使用数据的复杂性，但并不能真正阻止攻击者获取原始数据。

You could encrypt them, of course, however, this is effectively security through obscurity in this case. Basically, if your application's perimeter is secure, your data within it can be plain text. Encrypting here adds complexity to you working with the data, but doesn't really stop an attacker from getting your raw data.

正如你所说，如果他通过你的周边防御，他可能很容易得到您的解密密钥来解密电子邮件数据。加密可能会使确定的攻击者稍微减慢，但不会为您的数据增加任何真正的安全性。

As you say, if he gets through your perimeter defenses, he's likely to easily get your decryption key to decrypt the email data. Encryption may slow down the determined attacker slightly, but will not add any real security to your data.

最好的情况是将电子邮件地址（salt！）和存储那个。这样，您可以根据输入值检查电子邮件地址（例如），并确认输入的电子邮件地址与存储的电子邮件地址相同，当然，主要的缺点是您无法知道该电子邮件地址地址没有额外的价值，所以如果你想（例如）定期向你的用户发送电子邮件，你将失去运气。

The best scenario is to hash the email address (with salt!) and store that. This allows you to check the email address against an input value (for example) and verify that the email address input is the same as what you have stored, of course, the major downside for this is that you can't know what the email address is without that additional value, so if you're wanting to (for example) regularly email your users, you'll be out of luck.

我怀疑你'重新存储电子邮件地址是因为它是有用的数据，而您将想要做某事（例如发送电子邮件:)，在这种情况下，加密只会增加使用该数据的开销，同时获得

I suspect you're storing the email address because it's useful data, and you will want to do something with it (like send an email :) in which case, encrypting just adds overhead to working with that data, whilst gaining very little in return.

在这种情况下，我将专注于保护数据库本身的访问（即您的周界防御），并确保它们一样强大，同时将数据以纯文本形式保留在数据库中。

In this case, I would focus on securing access the database itself (i.e. your "perimeter" defenses) and ensure they are as strong as can be, whilst leaving the data in the database in plain text.

这篇关于在数据库中存储用户电子邮件地址的最好和最安全的方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！