0

I have cloud webserver running ubuntu where a MySQL database is installed. The database has a table with sensitive data. To protect the data I would like to encrypt the database (or database content). These are the options I thought about:

  1. Encryption of the ubuntu disk drive (not the database) Problem: The database content is transparent and the data is not encrypted in the MySQL database
  2. Encrypting of the column content using AES_ENCRYPT Probem: The content needs to be decrypted for search operations and the private key needs to be transfered for a request. If a hacker has access to the webserver he would probably also have access to the key (stored in a PHP/Script file).
  3. Encryption using a PHP script Problem: The private key needs to be stored on the webserver. A hacker might get access to it.

Is there a secret way to store the private key on a webserver (maybe on the hardware)? Or what is the best way to encrypt the database / content of a database?

Improve this question
2
  • This is a big question, bigger than you think. There are keystores for this but there is far to much to this than would fit into a SO answer Commented Dec 17, 2021 at 13:25
  • Is it like in Android where the keystore safes it on the Hardware? So what ist the common way? Storing it in a folder and restricting the permissions? Commented Dec 17, 2021 at 13:30

1 Answer 1

Reset to default
-1

How much is sensitive data? Typically i would encrypt the data being passed to the server for example MD5. I don't need to see this information myself, but as long as the user puts in the same value that was used to encrypt then the server / code / database matches on the md5 value and can retrieve whatever is needed.

There is no real way to reverse this unless someone knows the original string, or its been included in the pubic md5 lookup databases.

For example, email, username, password. All stored in MD5, as long as the user inputs the same email, username and password. then the MD5 value will match what is in the database. There is no need for keys, no decrypting (As this will use a lot of resource power)

This may be ill advising you, as without really know the content. For example if you have a whole database of Names, Addresses, Phone Numbers, card numbers etc etc etc an you need to view this information then you will need to encrypt and decrypt as and when you need.

(Would of posted as a comment, but too much text)

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.