Welcome Guest, Not a member yet? Register   Sign In
Working with an encrypted database
#6

(This post was last modified: 05-17-2019, 10:51 AM by dave friend.)

(05-17-2019, 09:07 AM)jhob Wrote: Although further issue is if encryption key is stored on the server as plain text, as it would be with CI encryption library, and the server is then compromised, attacker would have the key required to decrypt the contents of the database.  Are there any solutions that can help to guard against that?

If they gain that kind of access there isn't anything they cannot do. If they have unrestricted access to the webserver files they likely have the same access for the entire server meaning there isn't any place a key can be stored where it is secure. (Scary eh?)

But encrypting the database will pevent them getting usable data in the event of a successful attack the gets them into the database only.
Reply


Messages In This Thread
Working with an encrypted database - by jhob - 05-17-2019, 02:37 AM
RE: Working with an encrypted database - by jhob - 05-17-2019, 09:07 AM
RE: Working with an encrypted database - by dave friend - 05-17-2019, 10:49 AM
RE: Working with an encrypted database - by jhob - 05-17-2019, 09:08 AM



Theme © iAndrew 2016 - Forum software by © MyBB