[nycphp-talk] Website Data Encryption tools
Tim Lieberman
tim_lists at o2group.com
Sun Apr 6 20:33:08 EDT 2008
Joe Leo wrote:
> You've hit the right questions I am looking to understand. The answer
> is both. From what I understand about a tool like TrueCrypt I can
> encrypt say my webfolder (web site) and upload it to my hosting
> provider. And, what I am trying to understand is can the encrypted
> data remain encrypted and still serve content. Or, once I upload the
> encrypted data must I decrypt it to serve the content? I am
> not concerned about data being encrypted out to the users browser. SSL
> takes care of that - right? So, if it is that I can encrypt and it
> remains encrypted while serving content then this is not a bad solution.
> And, of course one can take other measures like ssh to the server to
> actually keep access to it secure.
In 99% of cases, there's no real argument for storing data on the server
in an encrypted state. This is because if your host security is
compromised, the cracker will have your encryption keys as well as your
encryption data.

Communicating with server (Administration, Uploading files, etc): SSH/SFTP.

Data On The Server: Usually there is no good argument for encrypting
it. If you're going to be serving it to anyone, you'll need to decrypt
it on the way out, so they can read it. If the server can decrypt it,
anyone who compromises the server can decrypt it, so it's useless and a
waste of resources.

Server Communicating with Clients: use SSL.

The exception case: You have a small group of users, to whom you want
to make available some very secret data. You don't want to do any
processing of the data on the server. You just want to upload an
encrypted file, and have them download it (still encrypted). This of
course implies that you've somehow securely distributed the decryption
key to your users. This case almost never happens. You'd be better off
having your users generate GPG key pairs, send you the public key. You
encrypt for each user and send via email or any other method. By
leveraging public-key cryptography, you avoid the need to securely
communicate any keys.

As others have implied, it would be a lot easier to answer your queries
if we knew more specifics about what kind of data (and what kind of
operations on that data) you're talking about.

But in almost every case, encrypting things on the server just chews up
server resources while providing exactly zero protection.

-Tim
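
The per-user public-key arrangement described in the message above, as an added example that is not part of the original post. It swaps GPG for libsodium sealed boxes (PHP's sodium extension) so it stays in PHP; the user names, function names and sample plaintext are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: function names, users and sample data are constructed.

// Runs on each user's own machine; the secret half never leaves it.
function make_user_keypair(): string
{
    return sodium_crypto_box_keypair();
}

// Runs wherever the file is prepared: it needs public keys only.
function encrypt_for_users(string $plaintext, array $publicKeys): array
{
    $copies = [];
    foreach ($publicKeys as $user => $publicKey) {
        $copies[$user] = sodium_crypto_box_seal($plaintext, $publicKey);
    }
    return $copies;
}

// Runs on the recipient's machine after downloading their copy.
function open_copy(string $ciphertext, string $keypair): ?string
{
    $plaintext = sodium_crypto_box_seal_open($ciphertext, $keypair);
    return $plaintext === false ? null : $plaintext;
}

$alice = make_user_keypair();
$bob   = make_user_keypair();

// Only these two arrays ever need to reach the web server.
$publicKeys = [
    'alice' => sodium_crypto_box_publickey($alice),
    'bob'   => sodium_crypto_box_publickey($bob),
];
$stored = encrypt_for_users('constructed sample: contents of a secret file', $publicKeys);

// Each recipient can open their own copy and nobody else's.
if (open_copy($stored['alice'], $alice) === null) {
    throw new RuntimeException('alice could not open her own copy');
}
if (open_copy($stored['alice'], $bob) !== null) {
    throw new RuntimeException('bob opened a copy that was sealed for alice');
}
echo 'Server holds ', count($stored), ' ciphertexts and ',
     count($publicKeys), " public keys, and no secret key.\n";
```

Because the server stores nothing that can decrypt, it can only hand the files out as opaque downloads; it cannot render or process their contents.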