MySQL encrypted columns

Question

Say each row in a table has data pertaining to one particular user. The user has a password to access the system.

How do I encrypt a column of data using InnoDB so t

Answer 1

You could store another key to encrypt/decrypt user specific data which could be generated when a new user is created. Let's call this new key user key. This user key should also be encrypted in database and the most direct approach would be to encrypt it by means of the user's password or any other data which cointained the password (such as the password and creation/modification time, etc.).

I would keep in user's session the decrypted user key to access user's data at any desired time within session.

The issue of modifying user's password involves re-encrypting the user key by means of the new password which is much more straight forward than re-encrypting the whole bunch of user's data that can be arbitrarily large. The user key remains the same accross the life of the user data in the system.

Of course this method can only be used if authentication is carried out by sending the actual user password to the server at logon, since database only desirably contains the hash of the password.