Reply to Re: Security

Posted by Gordon Burditt on 05/10/06 01:08

>What is more secure?
>
>Encrypt data using PHP functions before sending it to the database (MySQL), or
>encrypt directly on the database, using the encryption functions of the database
>server?

What is your threat model? What is the risk of someone listening
in on your PHP<-->DB connection? (The DB and PHP are often on the
same host, or if not, on the same LAN). Does the DB log queries?
Where are the DB backups kept?

Then again, if the DB and PHP are on the same host, and the thief
steals the whole host, he's got both the encrypted data and the
key, with either setup.

>$key = "this is a secret key";
>$input = "Let us meet at 9 o'clock at the secret place.";
>---
>$encrypted_data = mcrypt_ecb (MCRYPT_AES, $key, $input,
>MCRYPT_ENCRYPT);
>or
>$query = "insert into myTable (text)
>values(AES_ENCRYPT('".$input."','".$key."'))";
>
>I think encrypting data directly with PHP is better because the
>information is sent directly encrypted to the database server, but I am not
>sure.

If the threat model is only someone tapping the connection between
PHP and the database, but not breaking into either server, I think
you're right. But I'm not so sure that is a common threat model.

Gordon L. Burditt
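
The PHP-side option from the question, as an added example that is not code from the thread: it uses openssl AES-256-GCM in place of the quoted mcrypt_ecb call and a bound parameter in place of the concatenated query, so the connection, query log and backups only ever hold ciphertext. The function names, the messages table and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example. encrypt_field(), decrypt_field() and the messages table are hypothetical names.
function encrypt_field(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every stored value
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;   // layout: 12-byte IV | 16-byte tag | ciphertext
}

function decrypt_field(string $blob, string $key): string
{
    if (strlen($blob) < 28) {
        throw new RuntimeException('stored value too short');
    }
    $iv  = substr($blob, 0, 12);
    $tag = substr($blob, 12, 16);
    $pt  = openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong key or modified data');
    }
    return $pt;
}

// Constructed demo key. A real key is loaded from outside the database; it still
// lives on the PHP host, so theft of that host exposes it, as the reply points out.
$key   = random_bytes(32);
$input = "Let us meet at 9 o'clock at the secret place.";

$db = new PDO('sqlite::memory:');   // assumption: stand-in for the MySQL server
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body BLOB)');

// The query text contains neither the key nor the plaintext, unlike AES_ENCRYPT().
$stmt = $db->prepare('INSERT INTO messages (body) VALUES (:body)');
$stmt->bindValue(':body', encrypt_field($input, $key), PDO::PARAM_LOB);
$stmt->execute();

$stored = $db->query('SELECT body FROM messages')->fetchColumn();
var_dump(strpos($stored, 'secret') === false);       // no plaintext in the stored row
var_dump(decrypt_field($stored, $key) === $input);   // round trip with the same key
```

Requires PHP 7.1 or later with the openssl and pdo_sqlite extensions.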
