I want to be able to encrypt all the data that I save in a MySQL database. I also need to be able to decrypt the data using a private key.
我希望能够加密我在MySQL数据库中保存的所有数据。我还需要能够使用私钥解密数据。
This database can be accessed by more than one person.
该数据库可由多个人访问。
I would like to know what PHP functionality I need to use in order to accomplish this.
我想知道我需要使用什么PHP功能才能实现这一目标。
Thank You
2 个解决方案
#1
11
Encrypting your entire database is a lot of trouble unless the database offers "transparent encryption", Oracle databases offer such a thing. A light-weight open source solution using transparent encryption is SQLite. With this feature, the encryption does not apply to the data directly but the storage itself is encrypted. This means that you can work on your database as usual with the added benefit that the physical storage is encrypted. But unfortunately, MySQL does not offer such a thing.
加密整个数据库是很麻烦的,除非数据库提供“透明加密”,Oracle数据库提供了这样的东西。使用透明加密的轻量级开源解决方案是SQLite。使用此功能,加密不直接应用于数据,但存储本身已加密。这意味着您可以照常处理数据库,并获得物理存储加密的额外好处。但不幸的是,MySQL并没有提供这样的东西。
First, why it's not a good idea to encrypt your entire database. Encrypted data looks like random garbage to your database. This implies a lot of negative things such as
首先,为什么加密整个数据库不是一个好主意。加密数据看起来像数据库的随机垃圾。这意味着很多负面的事情,比如
- SELECTs no longer work on your data the way they did before, if at all (requires a lot of effort)
- Indexing becomes pretty much useless
- Database logs are rendered useless
- ...
SELECT不再像以前那样处理您的数据,如果有的话(需要付出很多努力)
索引变得毫无用处
数据库日志变得无用
If you encrypt using MySQL's built-in encryption support then this means that the data itself is sent in plain text to the database - unless you use a TLS-secured connection, this means that eavesdroppers won't care about your encryption at all.
如果使用MySQL的内置加密支持加密,则这意味着数据本身以纯文本形式发送到数据库 - 除非您使用TLS安全连接,这意味着窃听者根本不关心您的加密。
So if you need to encrypt data you should keep it at a minimum and only encrypt the truly sensitive parts of your data to still be able to execute efficient queries on it. You should also encrypt the data directly in the application if there is no possibility to have a secure TLS connection between application and database.
因此,如果您需要加密数据,则应将其保持在最低限度,并且只加密数据中真正敏感的部分,以便仍然能够对其执行有效的查询。如果应用程序和数据库之间不可能有安全的TLS连接,您还应该直接在应用程序中加密数据。
#2
0
If you need to encrypt a set of clients' credit card numbers (or social security numbers, or tax file numbers, or some other field that needs to be kept secret) in a database, here's how not to do it, followed by some better methods:
如果您需要在数据库中加密一组客户的信用卡号(或社会安全号码,税号文件号或其他需要保密的字段),请按以下步骤操作:方法:
#1
11
Encrypting your entire database is a lot of trouble unless the database offers "transparent encryption", Oracle databases offer such a thing. A light-weight open source solution using transparent encryption is SQLite. With this feature, the encryption does not apply to the data directly but the storage itself is encrypted. This means that you can work on your database as usual with the added benefit that the physical storage is encrypted. But unfortunately, MySQL does not offer such a thing.
加密整个数据库是很麻烦的,除非数据库提供“透明加密”,Oracle数据库提供了这样的东西。使用透明加密的轻量级开源解决方案是SQLite。使用此功能,加密不直接应用于数据,但存储本身已加密。这意味着您可以照常处理数据库,并获得物理存储加密的额外好处。但不幸的是,MySQL并没有提供这样的东西。
First, why it's not a good idea to encrypt your entire database. Encrypted data looks like random garbage to your database. This implies a lot of negative things such as
首先,为什么加密整个数据库不是一个好主意。加密数据看起来像数据库的随机垃圾。这意味着很多负面的事情,比如
- SELECTs no longer work on your data the way they did before, if at all (requires a lot of effort)
- Indexing becomes pretty much useless
- Database logs are rendered useless
- ...
SELECT不再像以前那样处理您的数据,如果有的话(需要付出很多努力)
索引变得毫无用处
数据库日志变得无用
If you encrypt using MySQL's built-in encryption support then this means that the data itself is sent in plain text to the database - unless you use a TLS-secured connection, this means that eavesdroppers won't care about your encryption at all.
如果使用MySQL的内置加密支持加密,则这意味着数据本身以纯文本形式发送到数据库 - 除非您使用TLS安全连接,这意味着窃听者根本不关心您的加密。
So if you need to encrypt data you should keep it at a minimum and only encrypt the truly sensitive parts of your data to still be able to execute efficient queries on it. You should also encrypt the data directly in the application if there is no possibility to have a secure TLS connection between application and database.
因此,如果您需要加密数据,则应将其保持在最低限度,并且只加密数据中真正敏感的部分,以便仍然能够对其执行有效的查询。如果应用程序和数据库之间不可能有安全的TLS连接,您还应该直接在应用程序中加密数据。
#2
0
If you need to encrypt a set of clients' credit card numbers (or social security numbers, or tax file numbers, or some other field that needs to be kept secret) in a database, here's how not to do it, followed by some better methods:
如果您需要在数据库中加密一组客户的信用卡号(或社会安全号码,税号文件号或其他需要保密的字段),请按以下步骤操作:方法: