How can I store sensitive data securely in a MySQL database?

Question

I am making an employment application for a company I am working for. I\'ve got it to protect against SQL injection and some XSS techniques. My main issue is keeping sensiti

Answer 1

This is an overly simplified answer and should be taken with a grain of salt, as most answers about security:

• Use SSL everywhere.

• Use a secure encryption key

For storage of encrypted data, you could use a BLOB field, and use MySQL's built in encryption functions. Example:

update mytable set myfield = AES_ENCRYPT('some value', SHA2('your secure secret key', 512));

If you prefer to do the encryption/decryption in the application code, take a look at PHP's Mcrypt functions.

• Encrypt the user input
• Store in the database
• Decrypt it after fetching it

This is by no means a complete guide, but it's a start and better than doing nothing.

You may be able to learn more on https://security.stackexchange.com/