加密用户数据自动登录第三方系统 [英] Encrypting user data for automatic login to third party system

问题描述

我发现自己处于一个网站上的一组用户，他们都存储了允许他们通过SOAP自动访问第三方服务的用户名和密码。这个想法是，每个用户只需要登录到主站点即可访问多个服务，使用其各自存储的每个服务的用户信息。我觉得这样的数据应该在我的数据库中被加密存储，然后在用户需要访问给定的服务时被传递到php / SOAP函数时自动解密。实现这个的最好方法是什么？

我已经看过AES_ENCRYPT，但似乎加密和解密使用了一个密钥，必须存储在我的代码，纯文本...似乎不是最聪明的事情。无论如何，这是我第一次这样做（如果你不能告诉）如果你能给我一些关于我应该如何处理的指针，我真的很感激。

非常感谢提前

解决方案

你偶然发现数据库中加密数据的最大问题：

➽存储密钥的位置？

加密无法解决保护数据的问题，只能将其集中成一个关键。无论您存储密钥，您的应用程序必须能够解密数据，所以可以做一个攻击者。有两个可能的解决方案，我知道：

1. 尽可能安全的将钥匙放在一个地方。这意味着，它应该被放置在服务器上不可访问的目录中的www-root目录之外。根据数据的重要性，您还可以考虑将加密外包给另一个专用服务器。


2. 根本不存储密钥并从用户密码中导出密钥。这是唯一真正安全的方式，因为连服务器都不能解密数据。当然，用户每次使用服务时都需要输入密码。如果用户更改密码，则需要重新加密所有数据。如果用户忘记密码，数据将丢失。

我建议将之前的数据加密到数据库中，因为MySQL AES_ENCRYPT使用没有IV的ECB模式。这样可以搜索某个值，但不太安全（我确定你不想通过密码进行搜索）。

I find myself in a situation where I have a set of users on a site who all have stored usernames and passwords that allow them to automatically access third party services via SOAP. The idea is that each user should only need to log in to the main site to gain access to multiple services, using their respective stored user info for each service. I feel like such data should be encrypted in my database when stored and then automatically decrypted when it's passed to the php/SOAP function when the user needs to access a given service. What would be the best way to accomplish this?

I've had a look at AES_ENCRYPT, but it seems as though the encryption and decryption makes use of a key that would have to be stored in my code, in plain text...which doesn't seem like the brightest thing to do. Anyway, this is my first time out on something like this (if you couldn't tell); if you could give me some pointers on how I should approach this, I'd really appreciate it.

Many thanks in advance

解决方案

You stumbled over the biggest problem with encrypting data in the database:

➽ Where to store the key?

Encryption cannot solve the problem of securing data, it can only "concentrate" it to a key. Wherever you store the key, your application must be able to decrypt the data, so can do an attacker. There are two possible solutions to this problem i know of:

1. Place the key in a place as secure as you can. That means, it should surely be placed outside of the www-root directory in an inaccessible directory on the server. Depending on the importance of the data, you can also consider to outsource encryption to another dedicated server.
2. Don't store a key at all and derive it from the user password. This is the only really safe way, because not even the server can decrypt the data then. The cons are of course, that the user needs to enter the password every time he uses your service. If the user changes the password, you need to re-encrypt all data. If the user forgets the password, the data is lost.

P.S. I would recommend to encrypt the data before storing it to the database, because MySQL AES_ENCRYPT uses the ECB mode without an IV. This allows to search for a certain value, but is less secure (i'm pretty sure that you don't want to search by password).

这篇关于加密用户数据自动登录第三方系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！