I have been thinking about an additional layer of protection for a MariaDB database. The database has a table with especially confidential information: name, passport, phone number, address and much more. It is stored in the database as is, which is very bad.

The first idea that came to mind is to add an additional password, which the user (better to say the operator, because the database is not aimed at a wide range of users) must enter when accessing the data. By the way, the client side is in PHP, HTML, JS, etc. So, store crypt() data in the database, and when accessing it, decrypt with the password that the user enters. Keep the password for the duration of the session, and delete it afterwards.

But there is one problem. I work with the database through dbForge Studio for MySQL. There are many other programs, but I like this one more. I often have to run various queries against the database. And as a matter of fact, having executed such a query, I will receive hashes of some of the data (the encrypted part).

What should I do here? Does anyone have experience with this? How should security be organized, etc.?

  • And what's wrong with getting encrypted data? (And please do not call it a hash, because hashing is an irreversible data conversion, that is, it is impossible to decrypt a hash.) - Mike
  • @Mike But I need to work with this data. It turns out that I will get a result set, but I cannot find out which person it is, etc. Not very convenient. I'll probably have to write a PHP script that executes the query and outputs everything as a table... Understood about the hash) - n.osennij
  • Well, you can debug queries on depersonalized data. And after debugging, immediately insert them into the script that will decode them - Mike

1 answer

If you use a strong algorithm, then security will depend mainly on the key. Making users use strong keys is quite difficult. So I would recommend focusing on this task.

Also keep in mind that encrypted data is very difficult to index, and searching it is also difficult.

If you make the encryption algorithm configurable, this will allow you to select an algorithm that does not encrypt during development, and then it will be somewhat easier to debug the system. When deploying the system in production mode, you will need to remember to enable a robust algorithm.

Do not forget to also think about restricting data access, not only at the table and column level, but also at the physical level, i.e. the database should be on a separate server and access to it should be limited.
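
One way to combine the points in the answer above, as an added example that is not part of the original thread: the operator's passphrase is stretched with Argon2id so the key is not the raw password, the field is encrypted with libsodium's secretbox, and a keyed-hash column allows exact-match lookups on the encrypted phone number. The function names, the column names (phone_enc, phone_idx) and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread). Needs PHP 7.2+ with ext-sodium.

// Stretch the operator's passphrase with Argon2id into two independent keys.
// $salt: 16 random bytes stored once per installation; it is not secret.
function deriveKeys(string $passphrase, string $salt): array {
    $okm = sodium_crypto_pwhash(64, $passphrase, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13);
    return ['enc' => substr($okm, 0, 32), 'idx' => substr($okm, 32, 32)];
}

// Authenticated encryption; a fresh random nonce is stored in front of the ciphertext.
function encryptField(string $plain, string $encKey): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $encKey));
}

function decryptField(string $stored, string $encKey): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $encKey);
    if ($plain === false) {
        throw new RuntimeException('wrong passphrase or modified data');
    }
    return $plain;
}

// Keyed hash of the normalized value: a deterministic token that can be indexed.
function blindIndex(string $phone, string $idxKey): string {
    $digits = preg_replace('/\D+/', '', $phone);
    return bin2hex(sodium_crypto_generichash($digits, $idxKey, 32));
}

// Constructed sample values; phone_enc / phone_idx are hypothetical column names.
$keys  = deriveKeys('constructed operator passphrase', random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES));
$phone = '+1 (555) 010-0199';
$row   = ['phone_enc' => encryptField($phone, $keys['enc']),
          'phone_idx' => blindIndex($phone, $keys['idx'])];
// Two encryptions of one value differ, so lookups compare phone_idx instead.
var_dump(encryptField($phone, $keys['enc']) === $row['phone_enc']);
var_dump(blindIndex('15550100199', $keys['idx']) === $row['phone_idx']);
var_dump(decryptField($row['phone_enc'], $keys['enc']) === $phone);
```

The index column reveals which rows hold the same value, so keep it only for fields that need exact-match search.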