Gordon is some what right but really it depends what you are trying to protect against and the acceptable level of risk. There is always risk so you have to decide what is OK.<br><br>If you want to make sure the data is protected in the database at rest which will then protect it when stored in back ups, transfered to a slave and other things then you can build in encryption into the code that accesses the data. This could also protect you against some code vulnerabiilites but not all, too abstract to get into since we don't know what cold be in the code, etc..<br>
<br>If you want to protect from those who might have access to the code (legit or not) and thus the keys, you need to add some key management to the process. most of the solutions I have used in the past called a complied app that went out and got the key or used a third party key management solution.<br>
<br>At any rate, might be more than what you are looking to do.<br><br>Adam<br><br><br><br><div class="gmail_quote">On Tue, Feb 3, 2009 at 3:05 PM, Gordon Heydon <span dir="ltr"><<a href="mailto:gordon@heydon.com.au">gordon@heydon.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">HI,<br>
<br>
Because of how PHP works is is not really possible to encrypt data<br>
within the Drupal database.<br>
<br>
basically the problem is that to encrypt and decrypt the data you will<br>
need the private key, so any person who wants to find decrypt the data<br>
will most likely have full access to the private key and all the code<br>
to decrypt it. Even to the point of just calling directly the same php<br>
code to get the get the clear text.<br>
<br>
I would love to be able to do this for e-Commerce, but there is no way<br>
to keep it 100% safe. If they have access to the database, the rest is<br>
available to get the clear text version.<br>
<br>
Gordon.<br>
<br>
On 04/02/2009, at 5:56 AM, Steve Kessler wrote:<br>
<br>
> I am trying to make a site that will hold some sensitive information<br>
> that I would like to have at least minimal encryption on some of my<br>
> CCK fields. Is there an easy way to encrypt CCK text fields? I would<br>
> need to display the un-encrypted values when the nodes were viewed<br>
> by users with the correct permissions.<br>
><br>
> Thanks,<br>
> Steve<br>
><br>
><br>
> Steve Kessler<br>
> Denver DataMan<br>
> 303-587-4428<br>
> Sign up for the Denver DataMan Free eNewsletter<br>
><br>
> --<br>
> [ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
<font color="#888888"><br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</font></blockquote></div><br>