How can I store sensitive data securely in a MySQL database?
Solution 1
This is an overly simplified answer and should be taken with a grain of salt, as should most answers about security:
Use SSL everywhere.
Use a secure encryption key.
For storage of encrypted data, you could use a BLOB field and use MySQL's built-in encryption functions. Example:
update mytable set myfield = AES_ENCRYPT('some value', SHA2('your secure secret key', 512));
If you prefer to do the encryption/decryption in the application code, take a look at PHP's Mcrypt functions.
- Encrypt the user input
- Store in the database
- Decrypt it after fetching it
This is by no means a complete guide, but it's a start and better than doing nothing.
You may be able to learn more on https://security.stackexchange.com/
Solution 2
A SQL query with the key in it (as Wesley Murch suggests) is not a good idea. If you do:
update mytable set myfield = AES_ENCRYPT('some value', 'your secure secret key');
... and the query gets logged (in the slow log, for instance), your secure secret key is captured in plain text, which should never happen. Such a query with the secret key would also be visible when you run a query like SHOW PROCESSLIST.
Next problem: where to store the secure key? In a PHP file? It is again plain text.
Encrypt data:
Use private/public key encryption (http://en.wikipedia.org/wiki/Public-key_cryptography). PHP has quite good support for it.
- Public keys can be stored with the user in the DB; they are public.
- The private key can be encrypted with the user's password. When the user logs in, you decrypt the private key and store it in his cookies (if you use SSL, it is not that bad a place) or session. Both are not perfect but better than plain text in a PHP file.
- Use the public key to encrypt, the private key to decrypt.
- Only the user will have access to his data.
If you want to learn more, you can google "user controlled encryption" or "zero knowledge privacy".
SQL inserts / XSS:
The best protection is a secure app. No doubt. If you want to secure it, you can use, for instance, PHPIDS to detect attacks: https://github.com/PHPIDS/PHPIDS
I have quite good experience with it.
Solution 3
As implied in the comments, you are asking a huge question. You are going to need to research a number of separate issues:
- SQL Injection and how to prevent it
- XSS and how to prevent it
- encrypting submitted form data using SSL
- best practices for storing sensitive information in a database
It would be hard to address all of them in one answer. I would suggest performing some searches on this site for the topics mentioned above.
Jacob Cannon
Updated on November 17, 2020
Comments
- Jacob Cannon (over 3 years ago): I am making an employment application for a company I am working for. I've got it to protect against SQL injection and some XSS techniques. My main issue is keeping sensitive information secured, like SSN and address, because the company needs that to make 1099 forms for the salesmen's taxes.
I don't know how to do this part, but should I encrypt everything and then decrypt it when it gets into the MySQL database?
- Jon (about 11 years ago): If you want it secure, it should be encrypted in the MySQL database, not only during transit.
- sjdaws (about 11 years ago): If it can be decrypted by you, it can generally be decrypted by someone who has access to your database. Maybe you need to hire a professional?
- Michael Petrotta (about 11 years ago): This is an awfully broad question, Jacob. Can you focus it some more? If you're more interested in end-to-end encryption (why? to ensure confidentiality? So that your users trust that they're submitting the data to the right entity?), then take out the other bits. What's your background in this area? If it's little to none, then let me humbly suggest that you do some offline reading - any help that can fit in an SO answer won't help much. The OWASP is a good place to start.
- Arun Killu (about 11 years ago): SQL injection and XSS have to be taken care of from the application.
- anditpainsme (about 11 years ago): Also, just to mention: encrypted information is decryptable information.
- Jacob Cannon (about 11 years ago): Well, I really want to ensure confidentiality and make it safer for our employees. I've done HTML a lot in the past and have been studying it since 15, and just recently got back into it aggressively because my friend needed this done. I just started learning PHP and MySQL from more than a hobbyist standpoint, and am going to school for this as well.
- Rory Alsop (about 11 years ago): For more information, come and look at security.stackexchange.com - we cover a lot of this kind of thing :-)
- Jacob Cannon (about 11 years ago): So what you're saying is to encrypt it and put the encrypted info in the database, then when we need it, somehow decrypt it in a secure, not public, separate webpage?
- dspacejs (almost 9 years ago): You should have explained encryption better; it's really important, and as developers it's our job to make sure we do security well. Check out this response to a question, he has a really good guide to encryption.
- zaph (almost 8 years ago): It is best not to use mcrypt: it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt had many outstanding bugs dating back to 2003. Instead consider using defuse; it is being maintained and is correct.
- JakeParis (over 7 years ago): You shouldn't actually guard it with your life -- it's just computers. ;)