Working with an encrypted database
#1

I'm soon going to be starting a CI project where there is a requirement for the database to be encrypted as it will store sensitive client data.

I've not worked with database encryption before but I'm assuming that I can use the encryption library to encrypt data that is saved to the database, and to decrypt any information coming from the database. Is that straightforward to set up and is there anything else I need to consider?

One issue that has occurred to me is how to manage searching the database fields. One of the requirements is for a client lookup search based on name, address, dob etc. However if these fields are encrypted then a fulltext search isn't going to work. Has anyone encountered this issue before and if so how did you overcome it?

The only solution that I can currently think of is to generate a temporary table with the search data and to destroy it afterwards. This is obviously not going to be very efficient, but is the best that I can currently come up with. Any other suggestions welcome!

TIA
#2

(This post was last modified: 05-17-2019, 05:13 AM by dave friend.)

Handle searches by encrypting the value of the needle in the haystack being searched.

I have not seen many systems where ALL the data was encrypted. It was usually just the sensitive things with value like passwords, emails, Gov't identification numbers, medical records, account numbers, monetary values, etc. Most of the time names and other identifying info was not encrypted. There were exceptions where it was all hashed, but they were few.
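The approach in #2 (index the needle the same way the haystack was indexed) needs something deterministic for the database to compare on, while any sound encryption routine, CodeIgniter's included, uses a fresh random IV so two encryptions of the same name never match. The usual way to get both is a keyed "blind index" stored beside the randomised ciphertext. The following is an added example in plain PHP with the bundled sodium extension; it is not code from the thread and not CodeIgniter's Encryption library, and the table/column names and the `patients.name#<id>` associated-data string are placeholders.

```php
<?php
// Added example, not code from the thread or from CodeIgniter's Encryption
// library: equality lookups over encrypted columns via a keyed "blind index".
// Plain PHP >= 7.4 with the bundled sodium and mbstring extensions. Keys are
// generated in-process only for the demo; in production they come from a key store.
declare(strict_types=1);

// One root key, two purpose-separated subkeys: subkey 1 encrypts column
// values, subkey 2 keys the blind index. A leaked index key reveals which
// rows share a value, never the value itself. KDF context must be 8 bytes.
$root     = sodium_crypto_kdf_keygen();
$encKey   = sodium_crypto_kdf_derive_from_key(32, 1, 'colcrypt', $root);
$indexKey = sodium_crypto_kdf_derive_from_key(32, 2, 'colindex', $root);

/** Canonicalise so 'Jane  SMITH ' and 'jane smith' index identically. */
function canonicalize(string $value): string
{
    $value = mb_strtolower(trim($value), 'UTF-8');
    return preg_replace('/\s+/u', ' ', $value) ?? '';
}

/** Keyed BLAKE2b, truncated to 128 bits and hex-encoded. Deterministic, so
 *  equal plaintexts give equal index values and the DB can compare them. */
function blindIndex(string $value, string $indexKey): string
{
    $mac = sodium_crypto_generichash(canonicalize($value), $indexKey, 32);
    return sodium_bin2hex(substr($mac, 0, 16));
}

/** Randomised AEAD. Table, column and row id ride along as associated data,
 *  so a ciphertext moved to another row or column by someone with DB write
 *  access fails to decrypt. Stored as base64(nonce || ciphertext). */
function encryptField(string $plaintext, string $encKey, string $aad): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct    = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plaintext, $aad, $nonce, $encKey);
    return base64_encode($nonce . $ct);
}

function decryptField(string $stored, string $encKey, string $aad): string
{
    $raw = base64_decode($stored, true);
    $n   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $pt  = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(substr($raw, $n), $aad, substr($raw, 0, $n), $encKey);
    if ($pt === false) {
        throw new RuntimeException('field failed authentication: wrong key, tampered, or moved row');
    }
    return $pt;
}

// Constructed demo table. In SQL this is two columns per searchable field:
//   name_enc TEXT NOT NULL, name_idx CHAR(32) NOT NULL, INDEX (name_idx)
$patients = [];
foreach ([[1, 'Jane Smith'], [2, 'jane  SMITH '], [3, 'John Doe']] as [$id, $name]) {
    $patients[] = [
        'id'       => $id,
        'name_enc' => encryptField($name, $encKey, "patients.name#$id"),
        'name_idx' => blindIndex($name, $indexKey),
    ];
}

// Encrypting the needle and comparing ciphertexts cannot work here: the
// random nonce makes every encryption of 'Jane Smith' different.
if (encryptField('Jane Smith', $encKey, 'patients.name#1') === $patients[0]['name_enc']) {
    throw new LogicException('randomised encryption must not be deterministic');
}

// The lookup compares blind indexes instead. SQL equivalent:
//   SELECT id, name_enc FROM patients WHERE name_idx = ?
$needle = blindIndex('JANE SMITH', $indexKey);
foreach ($patients as $row) {
    if (hash_equals($row['name_idx'], $needle)) {
        echo $row['id'], ': ', decryptField($row['name_enc'], $encKey, "patients.name#{$row['id']}"), PHP_EOL;
    }
}
```

This gives exact-match lookups only: no LIKE, no fulltext, no range queries, and anyone holding a copy of the table can see which rows share a name even without any key. For low-entropy fields such as date of birth the index can be brute-forced by anyone who also obtains the index key, so it has to be protected exactly like the encryption key. Prefix search can be added by indexing canonicalised prefixes in further columns, at the cost of leaking more structure.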
#3

@jhob,

The other thing that is important is to make sure that you require the site to use an SSL certificate, which will encrypt any content between the users browser and the web server.
#4

(05-17-2019, 04:57 AM)dave friend Wrote: Handle searches by encrypting the value of the needle in the haystack being searched.

I have not seen many systems where ALL the data was encrypted. It was usually just the sensitive things with value like passwords, emails, Gov't identification numbers, medical records, account numbers, monetary values, etc. Most of the time names and other identifying info was not encrypted. There were exceptions where it was all hashed, but they were few.

Thanks. Yeah, I'm thinking now that it will just be the sensitive patient records that will be encrypted and that any fields that can be searched upon will not be.

Although a further issue is that if the encryption key is stored on the server as plain text, as it would be with the CI encryption library, and the server is then compromised, the attacker would have the key required to decrypt the contents of the database. Are there any solutions that can help to guard against that?
#5

(05-17-2019, 05:41 AM)php_rocs Wrote: @jhob,

The other thing that is important is to make sure that you require the site to use an SSL certificate, which will encrypt any content between the users browser and the web server.

Yep, absolutely!

Site is not public too so will also be IP restricted to known locations.
#6

(This post was last modified: 05-17-2019, 10:51 AM by dave friend.)

(05-17-2019, 09:07 AM)jhob Wrote: Although a further issue is that if the encryption key is stored on the server as plain text, as it would be with the CI encryption library, and the server is then compromised, the attacker would have the key required to decrypt the contents of the database. Are there any solutions that can help to guard against that?

If they gain that kind of access there isn't anything they cannot do. If they have unrestricted access to the webserver files they likely have the same access for the entire server meaning there isn't any place a key can be stored where it is secure. (Scary eh?)

But encrypting the database will prevent them getting usable data in the event of a successful attack that gets them into the database only.
#7

(05-17-2019, 09:07 AM)jhob Wrote: Although a further issue is that if the encryption key is stored on the server as plain text, as it would be with the CI encryption library, and the server is then compromised, the attacker would have the key required to decrypt the contents of the database. Are there any solutions that can help to guard against that?

I'm no security expert, but maybe a solution would be to store the key on the client side, sent with each request over HTTPS? Or some kind of two-factor authentication, one key on the server and another one sent from the client side, and you need the two keys to decrypt the database? Those are just ideas, I don't know if it would be more secure.
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
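The concern raised in #4 and discussed in #6 and #7 is usually addressed with envelope encryption: each row is encrypted under its own random data key (DEK), only the wrapped DEK is stored with the row, and the key-encryption key (KEK) that wraps it is fetched at runtime from outside the database and the web root (a file outside DocumentRoot, a deploy-time environment variable, or a KMS/HSM). The following is an added example in plain PHP with sodium; it is not code from the thread and not CodeIgniter's Encryption library, and the `KeyWrapper` interface, the `LocalKek` class and the column names are placeholders for whatever key store a deployment actually uses. It does not change the point made in #6 that an attacker with full control of the web server can use the key while they are inside; what it changes is that a dump of the database alone yields nothing, the KEK never sits in the database, and with a remote KMS the attacker can only invoke unwraps (which are logged and can be cut off) rather than copy the key out.

```php
<?php
// Added example, not code from the thread or from CodeIgniter: envelope
// encryption. Each row is encrypted under its own random data key (DEK); only
// the *wrapped* DEK is stored with the row, and the key-encryption key (KEK)
// that wraps it never enters the database. Plain PHP >= 7.4 with sodium.
declare(strict_types=1);

/** Hypothetical interface for whatever holds the KEK: a file outside
 *  DocumentRoot, an env var injected at deploy time, or a KMS/HSM. */
interface KeyWrapper
{
    public function keyId(): string;
    public function wrap(string $dek): string;
    public function unwrap(string $wrapped): string;
}

/** Demo implementation keeping the KEK in process memory. With a real KMS the
 *  two methods become remote calls: the web server never holds the KEK, every
 *  unwrap is logged, and access is revocable the moment a breach is suspected. */
final class LocalKek implements KeyWrapper
{
    private string $id;
    private string $kek;

    public function __construct(string $id, string $kek)
    {
        $this->id  = $id;
        $this->kek = $kek;
    }

    public function keyId(): string { return $this->id; }

    public function wrap(string $dek): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $nonce . sodium_crypto_secretbox($dek, $nonce, $this->kek);
    }

    public function unwrap(string $wrapped): string
    {
        $n   = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        $dek = sodium_crypto_secretbox_open(substr($wrapped, $n), substr($wrapped, 0, $n), $this->kek);
        if ($dek === false) {
            throw new RuntimeException('wrapped DEK failed authentication');
        }
        return $dek;
    }
}

/** Fresh DEK per record: the record goes under the DEK, the DEK under the KEK. */
function sealRecord(array $fields, KeyWrapper $kms): array
{
    $dek   = sodium_crypto_secretbox_keygen();
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = json_encode($fields, JSON_THROW_ON_ERROR);
    $row   = [
        'payload'     => base64_encode($nonce . sodium_crypto_secretbox($json, $nonce, $dek)),
        'wrapped_dek' => base64_encode($kms->wrap($dek)),
        'kek_id'      => $kms->keyId(),   // which KEK this row currently depends on
    ];
    sodium_memzero($dek);
    return $row;
}

function openRecord(array $row, KeyWrapper $kms): array
{
    if ($row['kek_id'] !== $kms->keyId()) {
        throw new RuntimeException("row needs KEK {$row['kek_id']}, got {$kms->keyId()}");
    }
    $dek  = $kms->unwrap(base64_decode($row['wrapped_dek'], true));
    $blob = base64_decode($row['payload'], true);
    $n    = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $json = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $dek);
    sodium_memzero($dek);
    if ($json === false) {
        throw new RuntimeException('payload failed authentication');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

/** KEK rotation re-wraps only the small wrapped_dek column; the payload is untouched. */
function rewrapRecord(array $row, KeyWrapper $old, KeyWrapper $new): array
{
    $dek = $old->unwrap(base64_decode($row['wrapped_dek'], true));
    $row['wrapped_dek'] = base64_encode($new->wrap($dek));
    $row['kek_id']      = $new->keyId();
    sodium_memzero($dek);
    return $row;
}

// --- demo with constructed data ---
$kek2019 = new LocalKek('kek-2019', sodium_crypto_secretbox_keygen());
$row = sealRecord(['name' => 'Jane Smith', 'account_no' => 'demo-0001'], $kek2019);
// A database dump of $row holds ciphertext plus a wrapped key: nothing usable
// without the wrapper, which is exactly the "database only" breach from #6.
echo implode(', ', array_keys($row)), PHP_EOL;
echo openRecord($row, $kek2019)['name'], PHP_EOL;

// Rotation: re-wrap every row under the new KEK, then retire the old one.
$kek2020 = new LocalKek('kek-2020', sodium_crypto_secretbox_keygen());
$row = rewrapRecord($row, $kek2019, $kek2020);
echo openRecord($row, $kek2020)['name'], PHP_EOL;
```

Recording `kek_id` on each row is what makes rotation safe to run incrementally: rows wrapped under the old and the new KEK can coexist while the re-wrap job runs, and a row that somehow references a retired key fails loudly instead of decrypting to garbage.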