
Best way of encrypting text to store in mysql database

I want to know the best way of storing text in a database and encrypting it so as to prevent others (admin) from reading it. I'm allowing users to write (up to) paragraphs of plain text and then storing it in a database. This text is then displayed back to the user in their account. This means that I will have to be able to decrypt the data once I've encrypted it and stored it in the database. (I have created the project using PHP)

Thanks

What you are looking for is MCrypt. Also, if you want the data to be truly secure you will need to use HTTPS for transport, as once the PHP script has decrypted the cipher text (when the user is accessing the text) the plain text is sent out through the NIC of the server. So a crafty admin or attacker could just sniff the traffic on the interface and log the traffic.

AES_ENCRYPT and AES_DECRYPT are easy ways to encrypt/decrypt strings without writing the code yourself, available in MySql 5 upwards.

Be aware that the output of AES_ENCRYPT is a binary string, which needs to be stored in columns of a binary data type (most likely the appropriate one would be BLOB) instead of text types such as TEXT or VARCHAR that you would normally use for text data.

The problem is that you are going to have to store the encryption key somewhere, and you somehow have to keep the admin from accessing it. I don't know if that will be possible (admin of what exactly?)

In fact, you cannot prevent the admin from viewing these texts, because he is also able to read the encryption password and decrypt them.

  1. Use a safe connection (https) so your admin can not get the password from the logs.
  2. Use MCrypt to encrypt/decrypt the data with the user's password.
  3. Decrypt the data with the user's password.

There is however one BIG drawback:

You will have to store the user's password in cleartext in the session, so you MUST take care that session data is not stored in logs, the database, etc...

If your admin has access to the PHP code it is a matter of seconds to hack this.

The only case where this will work is if your Admin can access the database and the backend BUT NOT the code.
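
The scheme from the answer above (encrypt each text with a key derived from the user's password and store the binary result in a BLOB column), as an added example that is not part of the original answers. It uses PHP's OpenSSL extension with AES-256-GCM and PBKDF2 instead of MCrypt, which was removed from PHP in 7.2; the function names, iteration count and blob layout are assumptions.

```php
<?php
// Added example: constants, function names and blob layout are assumptions.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware
const SALT_LEN = 16;
const IV_LEN   = 12;              // nonce size recommended for GCM
const TAG_LEN  = 16;

// Derive a 256-bit key from the user's password; the key itself is never stored.
function deriveKey(string $password, string $salt): string
{
    return hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 32, true);
}

// Returns a binary string (salt | iv | tag | ciphertext) meant for a BLOB column.
function encryptForUser(string $plaintext, string $password): string
{
    $salt = random_bytes(SALT_LEN); // fresh salt and nonce for every record
    $iv   = random_bytes(IV_LEN);
    $tag  = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', deriveKey($password, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $salt . $iv . $tag . $ct;
}

// Returns the plaintext, or null if the password is wrong or the blob was altered.
function decryptForUser(string $blob, string $password): ?string
{
    if (strlen($blob) < SALT_LEN + IV_LEN + TAG_LEN) {
        return null; // too short to contain salt, nonce and tag
    }
    $salt = substr($blob, 0, SALT_LEN);
    $iv   = substr($blob, SALT_LEN, IV_LEN);
    $tag  = substr($blob, SALT_LEN + IV_LEN, TAG_LEN);
    $ct   = (string) substr($blob, SALT_LEN + IV_LEN + TAG_LEN);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', deriveKey($password, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt; // GCM tag check rejects a wrong key
}

// Constructed sample input: round trip, then an attempt with a different password.
$blob = encryptForUser('my private note', 'correct horse battery staple');
var_dump(decryptForUser($blob, 'correct horse battery staple'));
var_dump(decryptForUser($blob, 'wrong password'));
```

The password (or the derived key) still has to be available on every request that reads the text, which is the session drawback the answer describes.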
