I’m just wondering if I should encrypt user contact information when I store it in the database?
E.g. emails, phone numbers etc…
Normally you only encrypt sensitive information, and this depends on your project requirements. If the user email or phone number is sensitive, encrypt it. On the other hand, as you will need to get the contact information from the database, you will use symmetric encryption, and it is easy to decrypt, so your “security” in this case is only obfuscating data and is not strong enough.
Anyway, you should always encrypt sensitive data such as passwords, and I suggest asymmetric encryption with hash.
In my projects I have never needed to encrypt any contact information, and only passwords are encrypted in the database. If you are implementing a web application, I suggest you use security tokens (claim-based security) and make all contact information encrypted while it travels over the net (by using message or transport security), so there is very low risk of disclosing any contact information to a third party.
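An added example, not part of the original question or answer: the two storage cases the thread distinguishes, reversible encryption for contact fields that must be read back and one-way hashing for passwords, written with Node's built-in `crypto` module. The key handling, the column names and the blind-index lookup are assumptions made for illustration and go slightly beyond what the thread covers.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys (assumption): in practice they come from a KMS or secret
// store outside the database, so a stolen DB dump alone cannot be decrypted.
const ENC_KEY = crypto.randomBytes(32);   // AES-256-GCM key for contact fields
const INDEX_KEY = crypto.randomBytes(32); // separate HMAC key for lookups

// Reversible: the application must read the value back to contact the user.
function encryptField(plaintext, column) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  cipher.setAAD(Buffer.from(column)); // bind the ciphertext to its column
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(stored, column) {
  const raw = Buffer.from(stored, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAAD(Buffer.from(column));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the value was modified or moved to another column
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Deterministic keyed hash, so an equality lookup still works on encrypted rows.
function blindIndex(email) {
  const normalized = email.trim().toLowerCase();
  return crypto.createHmac('sha256', INDEX_KEY).update(normalized).digest('hex');
}

// One-way: a password is never decrypted, only re-derived and compared.
function hashPassword(password) {
  const salt = crypto.randomBytes(16); // per-user salt
  return salt.toString('hex') + ':' + crypto.scryptSync(password, salt, 32).toString('hex');
}
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, Buffer.from(hashHex, 'hex'));
}

// Constructed sample row (hypothetical column names) as it would be stored.
const row = {
  email_enc: encryptField('alice@example.com', 'email'),
  email_idx: blindIndex('alice@example.com'),
  password_hash: hashPassword('correct horse battery staple'),
};
console.log(row, decryptField(row.email_enc, 'email'));
```

The protection this gives depends on where `ENC_KEY` lives: if the key sits in the same database or backup as the ciphertext, whoever obtains one obtains both.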