[support] Encrypting CCK Data

Adam Ely adame780 at gmail.com
Tue Feb 3 23:26:14 UTC 2009


Gordon is somewhat right but really it depends what you are trying to
protect against and the acceptable level of risk. There is always risk so
you have to decide what is OK.

If you want to make sure the data is protected in the database at rest which
will then protect it when stored in backups, transferred to a slave and
other things then you can build in encryption into the code that accesses
the data.  This could also protect you against some code vulnerabilities but
not all, too abstract to get into since we don't know what could be in the
code, etc.

If you want to protect from those who might have access to the code (legit
or not) and thus the keys, you need to add some key management to the
process. Most of the solutions I have used in the past called a compiled app
that went out and got the key or used a third party key management solution.

At any rate, might be more than what you are looking to do.

Adam



On Tue, Feb 3, 2009 at 3:05 PM, Gordon Heydon <gordon at heydon.com.au> wrote:

> Hi,
>
> Because of how PHP works it is not really possible to encrypt data
> within the Drupal database.
>
> Basically the problem is that to encrypt and decrypt the data you will
> need the private key, so any person who wants to decrypt the data
> will most likely have full access to the private key and all the code
> to decrypt it. Even to the point of just calling directly the same php
> code to get the clear text.
>
> I would love to be able to do this for e-Commerce, but there is no way
> to keep it 100% safe. If they have access to the database, the rest is
> available to get the clear text version.
>
> Gordon.
>
> On 04/02/2009, at 5:56 AM, Steve Kessler wrote:
>
> > I am trying to make a site that will hold some sensitive information
> > that I would like to have at least minimal encryption on some of my
> > CCK fields. Is there an easy way to encrypt CCK text fields? I would
> > need to display the un-encrypted values when the nodes were viewed
> > by users with the correct permissions.
> >
> > Thanks,
> > Steve
> >
> >
> > Steve Kessler
> > Denver DataMan
> > 303-587-4428
> > Sign up for the Denver DataMan Free eNewsletter
> >
> > --
> > [ Drupal support list | http://lists.drupal.org/ ]
>
>
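
The approach discussed in this thread (encrypt in the code that accesses the data, and keep the key out of the database and the code), as an added example that is not from the thread or from Drupal/CCK. The function names and the `CCK_FIELD_KEY_FILE` environment variable are hypothetical; it assumes PHP 7.1+ with the OpenSSL extension.

```php
<?php
// Added illustration, not Drupal or CCK code. All names here are hypothetical.

// Load a 32-byte key from a file kept outside the web root and the database.
// CCK_FIELD_KEY_FILE is an assumed environment variable set by the operator.
function field_key_load(): string {
    $path = getenv('CCK_FIELD_KEY_FILE');
    if ($path === false || !is_readable($path)) {
        throw new RuntimeException('key file not configured or unreadable');
    }
    $key = base64_decode(trim((string) file_get_contents($path)), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('key must be 32 bytes, base64-encoded');
    }
    return $key;
}

// Encrypt one field value with AES-256-GCM. $context (for example
// "node id:field name") is bound as associated data, so a ciphertext
// copied into another row or field fails to decrypt.
function field_encrypt(string $plain, string $context, string $key): string {
    $iv = random_bytes(12);   // fresh nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // text-safe value for the column
}

// Returns the plaintext, or null if the value was altered, moved, or the key is wrong.
function field_decrypt(string $stored, string $context, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        return null;
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = (string) substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $context);
    return $plain === false ? null : $plain;
}

// Constructed sample; a random key stands in for field_key_load().
$key = random_bytes(32);
$stored = field_encrypt('sample sensitive value', '42:field_notes', $key);
var_dump(field_decrypt($stored, '42:field_notes', $key));   // same context
var_dump(field_decrypt($stored, '43:field_notes', $key));   // different context
```

With this layout the database, its backups and any replica hold only ciphertext. Anyone who can run code as the web application can still read the key file and call `field_decrypt`, which is the limit Gordon describes and the reason Adam points to separate key management.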