How to secure the email ids stored in the database?

Question

I am storing passwords after bcrypting but user email ids as a plain text(without encrypting), because I want to send newsletters to that email ids regularly. I have got two questions?

1. How to secure the database so that email ids as the plain text in the database can be secured from hackers?

2. Is there any way to check the particular database table is only accesed by my web form not from outside?

note:I am new to database.

Answer 1

There's nothing wrong with storing emails in plaintext. Even if accessed they don't allow the attacker to access the accounts (provided the authentication works correctly). There's no reason to encrypt them unless you have some very specific requirements we don't know about.

If you want to secure your database in general:

• read the database documentation
• if you have multiple services / scripts accessing the data, make sure they have separate accounts and have access only to the data they need to access
• make sure your database backups are at least as secure as the database itself
• limit the source hosts (possibly when setting up users) for the accounts to only allow connections from your web frontend, or if you're running on the same host maybe you can disable everything apart from loopback (bind the database to 127.0.0.1)
• ... loads of other things are possible, but start from the basics... you'll find more ideas in the documentation, I'm sure

Answer 2

1- If you really want to encode the emails, and need to decode them in the future, your best bet is to look at the MySQL encryption functions like ENCODE() and DECODE(). First you need to set up a "salt". This is like a secret code. It can be the same for every record, like this:

SELECT DECODE(email, 'mysecretsalt') FROM Table WHERE id=1

Or, you can make the salt part from a code and another field in the table, like this:

SELECT DECODE(email, CONCAT('mysecretsalt', id)) FROM Table WHERE id=1

2- Set up a specific user in your database that ONLY has access to that specific table and ONLY has INSERT privileges for when you are adding records, and then another user that only has SELECT privileges when you are retrieving the records. Also, lock those users down to the "localhost". If a hacker gets one of those, they can't do much.

Also, when you receive the email from the customer in the form of a request variable (GET or POST), to protect from SQL injection attacks, either escape characters (in PHP, you could use mysqli_real_escape_string()) or simply get rid of all characters that don't belong. In PHP, it would look like this:

$email = preg_replace('/[^A-Za-z0-9\\.@-_]/', '', $email);

That's the way I like to do it.