Question

I am writing a web application (in PHP) at the moment that holds sensitive information about users on it, but in order to comply with the DPA, I want it to be fully encrypted as it's running on a shared server. This information is then provided to specific users who have been identified outside.

And although I am confident of securing the way the data is distributed, and mostly confident of the server company, I just want reassurance.

I was wondering if anyone had any ideas of how to encrypt the data that is stored with a key that is also secure. I know it could be obfuscated, or masked in some way, but that could be used. Yes, it's probably a bit overkill, but I need to be certain of it.


Solution

Don't store the key in the system. Store the key outside the system (piece of paper, some other system, etc.), supply the key to the system when you initialize it, and have the system keep it in memory the whole time.
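One way to put this answer into practice in PHP, as an added example that is not part of the original answer: the 32-byte key is generated off the server, handed to the process through an environment variable (`SENSITIVE_DATA_KEY` is an assumed name) that the service manager injects at start-up rather than anything written into the web root or database, and records are sealed with libsodium's authenticated secretbox so tampering is detected on read.

```php
<?php
// Added example (not from the original answer): sensitive fields are sealed with
// libsodium secretbox (XSalsa20-Poly1305). The key lives outside the codebase and
// database: the operator supplies it at start-up via the SENSITIVE_DATA_KEY
// environment variable (an assumed name) and the process keeps it only in memory.
final class SensitiveDataVault
{
    private string $key;

    public function __construct(string $hexKey)
    {
        $key = sodium_hex2bin($hexKey);            // throws on malformed hex
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('key must be exactly 32 bytes');
        }
        $this->key = $key;
        sodium_memzero($hexKey);                   // drop the hex copy
    }

    // Returns base64(nonce || ciphertext); a fresh random nonce per record is mandatory.
    public function seal(string $plaintext): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $this->key));
    }

    // Fails closed: a wrong key or any modification of the stored record is rejected.
    public function open(string $stored): string
    {
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            throw new RuntimeException('malformed record');
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        if ($plain === false) {
            throw new RuntimeException('decryption failed: wrong key or tampered data');
        }
        return $plain;
    }
}

// Generate a key once, off the server: php -r 'echo bin2hex(random_bytes(32)), PHP_EOL;'
$hex = getenv('SENSITIVE_DATA_KEY');
if ($hex === false) {
    fwrite(STDERR, "SENSITIVE_DATA_KEY was not supplied at start-up\n");
    exit(1);
}
$vault  = new SensitiveDataVault($hex);
$record = $vault->seal('constructed sample record: date of birth 1980-01-01');
echo $vault->open($record), PHP_EOL;   // round-trips to the plaintext
```

Because a normal PHP-FPM deployment has no long-lived process memory of its own, "keep it in memory" here means the process manager's environment; on a shared host confirm that other tenants cannot read that environment before relying on it.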

OTHER TIPS

Send the information to the system encrypted. Key should be in the hands of the user. Decrypt the information at the user's computer.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow