OZONE Asylum
Forums
Server-Side Scripting - Oh my!
Storing sensitive data in a database
In IT there's a term for this: healthy paranoia. You know that something bad will happen. You don't know who, specifically, will do it, why, how, or what they might be after. So you try and analyse what you have to try and figure out what might be targeted and what might not be, how they might get in (within reason), and from there you figure out what precautions you can take.

Remember that there's no such thing as 100% secure. The only computer which is 100% secure is the one that is never turned on, never plugged in, and, frankly, never even built.

So then you weigh up your security measures against the detriment they make to your service. Every security measure you put in place adds another step to the process, and adds more latency to the result. You can encrypt every bit of data used in the site, but then every time it has to be used (i.e. every time someone accesses the site) it has to be decrypted again. And where do you store the keys? You could have 1024-bit encryption if you wish, but if someone can get the key, you may as well be sending clear text.

It's making the distinction between data that is really sensitive, what you can replace if it's vandalised, and what doesn't really matter. So...

Things like passwords should go in under a non-reversible hashing encryption, like MD5.
Usernames, clear text.
Addresses and telephone numbers... I'd consider some kind of security for them, but nothing terribly drastic.
Page contents for a CMS, clear text. They're going to be called on a regular basis, and it adds too much latency to have them encrypted.

That's just an example of it. It's really going to be up to you, in the end, to decide what's valuable, and what isn't.

And remember, no amount of security takes the place of regular backups and dumps of your databases. And there's always going to be things out of your control, like the physical security of the web servers. Unless you run them yourself, it's up to your host to secure them, and to do backups of the servers. You can regularly back up your data and download it, and you can set up cron jobs to dump your database and email it to yourself. Beyond that, there's not much you can do.

[url=http://sunday.yarinareth.net][img]http://members.ii.net/~skaarjj/tempus.gif[/img][/url] Justice 4 [url=http://www.justice4pat.com]Pat Richard[/url]
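Added example, not part of the original post: one way to build a user row in which the username stays in clear text and the password is stored only as a one-way value, so there is no decryption key to keep. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library rather than the MD5 named in the post; the function names, field names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def hash_password(password, salt=None):
    """Return the values to store in place of the password itself."""
    # A fresh random salt per user makes identical passwords hash differently.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(stored, attempt):
    """Recompute the hash from the login attempt; nothing is ever decrypted."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(stored["salt"]),
        stored["iterations"],
    )
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(digest.hex(), stored["hash"])


def build_user_row(username, password):
    """Hypothetical row layout: username in clear text, password one-way only."""
    return {"username": username, "password": hash_password(password)}


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    row = build_user_row("alice", "correct horse battery")
    print(row["username"], row["password"]["hash"][:16] + "...")
    print("good login:", verify_password(row["password"], "correct horse battery"))
    print("bad login: ", verify_password(row["password"], "wrong guess"))
```

Storing the iteration count in the row lets the work factor be raised later without invalidating existing accounts.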