問題描述

長話短說，我們公司最近發生了一次入侵，其中我們的 MySQL 數據庫被轉儲和竊取.高管們現在真的很緊張，除了加強其他安全措施外，他們還打算對數據庫中的所有客戶信息(電子郵件地址、家庭地址、姓名等)進行加密.

So long story short, our company recently had an intrusion wherein our MySQL DB was dumped and stolen. The execs are really nervous now and in addition to upping other security measures, they are intent on encrypting all customer information (email address, home address, names, and the like) in the DB.

我不確定從哪里開始.我們運行一個 PHP 應用程序.顯然，這會產生一些我們希望最小化的額外開銷.另一個問題是在使用新加密字段的地方更改代碼的難度.

I am unsure of where to begin on this. We run a PHP app. Obviously, this is going to create some additional overhead that we'd like to minimize. Another concern is going to be the difficulty in changing the code wherever the new encrypted fields are used.

這讓我覺得這是一種不必要的預防措施，但管理層似乎對此很堅決.

This strikes me as an unnecessary precaution, but management seems firm on it.

哪種類型的加密算法/方法最適合此用例?

What type of encryption algorithm/method would be best for this use case?

推薦答案

這里有一篇關于如何使用 MySQL 執行此操作的非常好的文章:http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/.

There is a very good writeup on how to do this with MySQL here: http://thinkdiff.net/mysql/encrypt-mysql-data-using-aes-techniques/.

您會希望將 AES 與 256 位密鑰一起使用，因為這是目前流行的最佳實踐/標準.256 位 AES 密鑰被認為具有足夠的大小，可以抵御現代計算能力.

You'll want to use AES with 256bit keys, as that is the prevailing best-practice/standard right now. 256bit AES keys are considered to be of sufficient size to be secure against modern computing power.

加密數據庫是個好主意，無論您是否認為它是矯枉過正.即使數據不是非常敏感，客戶記錄的丟失至少也會讓您的公司非常尷尬，并且可能會對客戶的信心和人們未來交出數據的意愿產生不利影響.加密數據庫的全部內容現在可能不是行業標準，但趨勢正在朝著這個方向發展，采用更強大的安全態勢不會傷害您.如果不出意外，請將其視為深度防御實施中的另一個條目.

It's a good idea, regardless of if you think it's overkill or not, to encrypt your database. Even if the data isn't horribly sensitive, the loss of customer records can be very embarrassing to your company, at the very least, and could adversely affect customer confidence and people's willingness to hand over their data in the future. Encrypting the full contents of your database may not be industry-standard right now but trends are moving that way and it cannot hurt you to adopt a stronger security posture. If nothing else, think of it as another entry in your Defense-In-Depth implementation.

我還建議您查看這篇文章 - http://www.symantec.com/connect/articles/secure-mysql-database-design - 因為它提供了一個很好的、相當基本的安全數據庫系統設計介紹，應該會給你一些關于其他事情的指導，以檢查你的申請.

I would also recommend you check this article out - http://www.symantec.com/connect/articles/secure-mysql-database-design - as it provides a good, fairly basic, introduction to secure database system design that should give you some pointers on other things to check for your application.

這篇關于在我公司的 MySQL 數據庫中加密客戶信息的最佳方法?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！