I have been through several SO questions regarding this and my approach is a bit different in terms of wanting to encrypt data. Here is what I want to do.
Basically all my customers' data is stored in the database, and after 3 or 4 weeks I don't really need their data anymore, such as address, city, state, zip, phone, email address, products they ordered, etc.
Now this data is stored in raw format in the database (mysql).
What I am thinking is that after a certain number of days, I will encrypt all the data which resides in the MySQL database and, instead of storing the key, I will just enter it manually via an input box each time (when wanting to encrypt it, or if for some reason I need to decrypt it just to display on the screen).
So basically here is how it would work:
1) Select the customer’s record in mysql
2) Get the encryption key via input box
3) Update the mysql record by encrypting the data
So here are my 2 questions:
1) Is the above-mentioned a good strategy, in the sense that if the database were compromised, the data would be secured? Additionally, if the intruder were to gain access to the code, they wouldn't have access to a key because it would not be stored anywhere in any PHP files.
2) How should I set up the encryption system? Should I use MySQL's AES_ENCRYPT function? (Please keep in mind that the length of the data may vary, such as the address, the email address, or some other information about the customer.)
This scheme sounds like it would work just fine. There are only some details that you need to take care of.

AES_ENCRYPT (which is fine; this also holds with any other encryption method you might use) returns a binary string. You need to store that inside a column that can hold binary strings (BINARY, VARBINARY, BLOB variants), whereas you probably store the pre-encryption information in non-binary string columns. So you would either need to have another set of columns for the encrypted info, or use some text-based encoding to be able to put the encrypted data in the same columns you use for the unencrypted form.

Also, you should be very careful in your application logic so as not to accidentally repopulate an encrypted row with unencrypted data (think of scenarios such as view record -> decrypt -> save changes).
Finally, if the bad guys have write access to your server/application then they might very well intercept the encryption key and save it. Since the key would likely be one and the same for all records (due to key management considerations) this would be enough for them to get all your data. But if they only manage read access, you are good.
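Putting the answer's advice together as an added SQL example (not code from the original question or answer): separate VARBINARY columns hold IV-prefixed ciphertext, the plaintext columns are cleared in the same UPDATE, and a marker column keeps the "save changes" scenario from re-encrypting or overwriting an already encrypted row. The table and column names are assumptions, and it needs MySQL 5.7 or later for RANDOM_BYTES() and block_encryption_mode. It also goes beyond the answer on two points a practitioner would want: MySQL's default block_encryption_mode is AES-128 in ECB mode, which is deterministic and leaks repeated values, so the example switches to CBC with a fresh random IV per value; and because AES_ENCRYPT folds a passphrase into the key by XORing bytes, the typed passphrase is hashed with SHA2 into a proper 32-byte key first.

```sql
-- Added example, not from the original question or answer.
-- Table and column names are hypothetical. Requires MySQL 5.7+.

-- Encrypted values live in their own binary columns. Each holds a 16-byte IV
-- followed by the ciphertext; AES pads a 255-byte value up to 256 bytes,
-- so 16 + 256 = 272 bytes is enough for a VARCHAR(255) source column.
CREATE TABLE customers (
    id           INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    email        VARCHAR(255) NULL,
    address      VARCHAR(255) NULL,
    email_enc    VARBINARY(272) NULL,
    address_enc  VARBINARY(272) NULL,
    encrypted_at DATETIME NULL          -- NULL means the row is still plaintext
);

-- Constructed sample record.
INSERT INTO customers (email, address)
VALUES ('alice@example.com', '1 Main St, Springfield');

-- MySQL defaults to aes-128-ecb. Use CBC (per session) with a random IV per value.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Step 2 of the question: the operator types the passphrase into the
-- application's input box and the application binds it as a parameter.
-- It is never written to a table, a config file or a PHP source file.
SET @passphrase = 'correct horse battery staple';    -- placeholder for the typed value

-- AES_ENCRYPT folds an overlong key by XOR; derive a real 32-byte key instead.
SET @key = UNHEX(SHA2(@passphrase, 256));

-- Step 3 of the question: encrypt one customer's record in place.
-- MySQL evaluates single-table UPDATE assignments left to right, so the
-- ciphertext columns are computed from the plaintext before it is nulled.
SET @iv_email = RANDOM_BYTES(16), @iv_addr = RANDOM_BYTES(16);
UPDATE customers
SET email_enc    = CONCAT(@iv_email, AES_ENCRYPT(email,   @key, @iv_email)),
    address_enc  = CONCAT(@iv_addr,  AES_ENCRYPT(address, @key, @iv_addr)),
    email        = NULL,
    address      = NULL,
    encrypted_at = NOW()
WHERE id = 1
  AND encrypted_at IS NULL;    -- never encrypt an already encrypted row twice

-- Decrypt for display only; nothing decrypted is written back to the table.
-- LEFT()/SUBSTRING() operate bytewise on binary strings, splitting IV from ciphertext.
SELECT id,
       CONVERT(AES_DECRYPT(SUBSTRING(email_enc,   17), @key, LEFT(email_enc,   16)) USING utf8mb4) AS email,
       CONVERT(AES_DECRYPT(SUBSTRING(address_enc, 17), @key, LEFT(address_enc, 16)) USING utf8mb4) AS address
FROM customers
WHERE id = 1;

-- A wrong passphrase makes AES_DECRYPT return NULL (with a warning) rather than
-- plausible-looking garbage, so a "save changes" screen cannot silently store junk.
```

Two design notes. The encrypted_at marker is what protects against the view -> decrypt -> save pitfall the answer describes: an edit form that loads a row with encrypted_at set should either refuse to save or write back through the same encrypt-in-place statement, and a plain UPDATE of email/address on such a row is a bug the application must reject. And, as the answer says, none of this helps against an attacker with write access to the application: the passphrase passes through the application's memory on every encrypt or decrypt, so a modified PHP file could simply log it.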