I want to build an app that is basically a subscription service for text messages.
User submits a phone number via my site. I send them a confirmation text with a key, and if they correctly enter the key, then they are subscribed, and every day thereafter I will send them a text with a particular message until they unsubscribe.
Question: I want to store these phone numbers in a way that I (the developer or storage layer administrator) can’t view these phone numbers, to preserve privacy. I can’t just store them hashed, because then how does my app read them to send the text message? How do I do this?
Edit: This is both a security and privacy question… I want someone who hacks into my system to not be able to get any of the phone numbers, even if they have full access to the database.
I’m thinking encryption is your only bet. You’re going to have to encrypt the phone numbers but only allow the software/service apps to have access to the key. You could store the key on an off-site system and have the app retrieve the key via SSH or SSL and store it in memory only. That’s not to say the key is 100% safe from the administrators, but they are just phone numbers; I can’t imagine someone spending a lot of effort for cell numbers.