在我公司的MySQL数据库中加密客户信息的最佳方式? [英] Best Way to Encrypt Customer Information in My Company's MySQL DB?
问题描述
我不确定从哪里开始。我们运行一个PHP应用程序显然,这将会产生一些我们希望最小化的额外开销。另一个问题是在使用新加密字段的地方更改代码的难度。
这是一个不必要的预防措施,但管理层似乎坚定不移。
什么类型的加密算法/方法最适合这种用例?
这里有一个非常好的写作如何做到这一点: http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/ 。
你会想要使用具有256位密钥的AES,因为现在是现行的最佳实践/标准。 256bit AES密钥被认为具有足够的尺寸以抵御现代计算能力。
这是一个好主意,无论您认为是否超负荷加密你的数据库。即使数据不是非常敏感,客户记录的丢失对您的公司至关重要也可能非常尴尬,并可能会对客户的信心产生不利影响,也会对未来交付数据的意愿产生不利影响。加密数据库的全部内容现在可能不是行业标准,但是趋势是这样移动的,不会因为采取更强大的安全性而受伤。如果没有别的话,可以把它当作你的深度防御实施中的另一个条目。
我也建议你查看这篇文章 - http://www.symantec.com/connect/articles/secure-mysql-database-design - 因为它提供了一个很好的,相当基本的安全数据库系统设计的介绍,应该给你一些关于其他事情的指针来检查你的应用程序。
So long story short, our company recently had an intrusion wherein our MySQL DB was dumped and stolen. The execs are really nervous now and in addition to upping other security measures, they are intent on encrypting all customer information (email address, home address, names, and the like) in the DB.
I am unsure of where to begin on this. We run a PHP app. Obviously, this is going to create some additional overhead that we'd like to minimize. Another concern is going to be the difficulty in changing the code wherever the new encrypted fields are used.
This strikes me as an unnecessary precaution, but management seems firm on it.
What type of encryption algorithm/method would be best for this use case?
There is a very good writeup on how to do this with MySQL here: http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/.
You'll want to use AES with 256bit keys, as that is the prevailing best-practice/standard right now. 256bit AES keys are considered to be of sufficient size to be secure against modern computing power.
It's a good idea, regardless of if you think it's overkill or not, to encrypt your database. Even if the data isn't horribly sensitive, the loss of customer records can be very embarrassing to your company, at the very least, and could adversely affect customer confidence and people's willingness to hand over their data in the future. Encrypting the full contents of your database may not be industry-standard right now but trends are moving that way and it cannot hurt you to adopt a stronger security posture. If nothing else, think of it as another entry in your Defense-In-Depth implementation.
I would also recommend you check this article out - http://www.symantec.com/connect/articles/secure-mysql-database-design - as it provides a good, fairly basic, introduction to secure database system design that should give you some pointers on other things to check for your application.
这篇关于在我公司的MySQL数据库中加密客户信息的最佳方式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
