Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
200 views
in Technique[技术] by (71.8m points)

php - Encryption at code vs Encryption at DB column

Need to seek architectural advice !

Currently, have sensitive data at Database (say user's SSN) as plain text

It has to be encrypted.

Approach 1: Encryption at Code

  • Some Crypto built in library can be used to encrypt (using key stored at vault)
  • The EncryptedText can be stored to DB column
  • For retrieval, SELECT upon this DB table from DAO, use Decrypt function at code, return Decrypted response

Approach 2: Encrypt the DB's column

  • apply a trigger to column, which would encrypt INSERT data for that column
  • For retrieval, database offers Decrypt methods which can be used at SELECT query at DAO layer

Parameters to decide:

  1. Performance
  2. Code quality (appears cleaner at Approach 2)
  3. Encryption strength (would both approaches provide similar strength at encryption)

Currently, the application code is in php Laravel and DB is MySQL

Encryption algorithm planned to use: AES 256 CBC

question from:https://stackoverflow.com/questions/66063915/encryption-at-code-vs-encryption-at-db-column

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...