更新时间:2023-11-28 14:57:52
我不是确保如果使用MySQL构建加密将是您的问题的***解决方案。
PHP的 M_CRYPT 包被认为是相当不错的,它使您灵活选择最适合您需求的算法。
将密钥存储在其他服务器上有一个很大的优点:密钥与加密数据 *)不在同一台机器上。因此,只要攻击者对受攻击的机器没有足够的控制权,就无法获得密钥。
如果攻击者完全掌握了存储在数据中的机器,那么他们很有可能会能够查询网络服务的密钥。
然而,将密钥从一台计算机传输到另一台机器打开了一个需要保护的整个新区域。可能涉及更多的密钥和更多的加密层,从而增加错误的机会。
*)另一个选项是输入密码在网络服务器启动后,只能将其保存在内存中。
可能的解决方案
如果看到使用了以下使用Web访问用户加密文件的方法(我不确定您的环境,但可能有帮助):
此方法的优点是:
1.随机密钥在数据库中加密。因此,您还可以与加密列结合使用数据库服务器的附加安全性。
2.如果攻击者持有一个密钥,只有部分文件被盗用,文件就会被存储不同的密钥。
但是:
如果攻击者持有主密码并具有对用户表的读取权限,则整个系统再次被破坏。
I plan on using MySQL and it's built-in encryption functionality to encrypt / decrypt certain columns in certain tables. The concern I have is that I need to store the key somewhere. I could certainly store the key in a file and control the permissions of that file and the permissions of the application that accesses it, but is that enough? I could also create a web service to get the key or something.
I am in a small shop where I would be the only one (possibly one other person) that would have access to the machine that the application was on. Edit: I should add that there is a web facing part of this application that would need to decrypt the data unless I added a tier.
I have looked ad nauseum, but no one seems to have a bulletproof answer.
Is this one of those problems where you have to settle for good enough? Given that I am using MySQL and PHP (possibly Python) is there a better way to approach this?
I'm not sure if using MySQL build in encryption would be the best solution to your problem.
PHP's M_CRYPT package is thought to be quite good and it gives you the flexibility to choose the algorithm that is best suited for your needs.
Storing your key on some other server has one big advantage: the key is not on the same machine as the encrypted data*). So as long as the attacker does not have enough control over the compromised machine, they cannot get to the key.
If the attacker gains full control of the machine the data is stored on, they most likely will be able to query the web-service for the key.
However, transmitting the key from one machine to another opens up an entire new area that needs to be secured. Probably involving more key's and more encryption layers, thereby increasing the chance of mistakes being made.
*) The other option is to enter the password upon webserver start up and only keep it in memory.
Possible solution
If seen a solution employed that used the following method for encrypting files for users with web access (I'm not sure of your environment, but it might be helpful):
The advantages of this approach are:
1. The random-key is encrypted in the database. So you still have the added security of the database-server, in combination with the encrypted column.
2. Documents are stored with different keys, if the attacker gets hold of a key, only part of the documents is compromised.
However:
If the attacker gets hold of the master password and has read access to the user-table, the entire system is, once more, broken.