I wish to know the easiest way of storing text inside a database and encrypting it in order to prevent others (admin) from reading through it. I am permitting customers to create (up-to) sentences of plain text after which storing inside a database. This text will be displayed to the consumer within their account. Which means that I will need to have the ability to decrypt the information once i have secure it and saved it within the database. (I've produced the project using PHP)


What you're searching for is MCrypt. Also if you're wanting the information to become truly secure you will have to use HTTPS for transport as when the PHP script has decrypted the cipher text (once the user is being able to access the written text) the plain text is distributed out with the NIC from the server. So a crafty admin or attacker could just sniff the trafic around the interface and log the traffic.

Actually, you cannot prevent admin from viewing these texts as he'll have the ability to read file encryption password too and decrypt them.

[cde] and AES_ENCRYPT are easy methods to secure/decrypt strings without writing the code yourself, obtainable in MySql 5 upwards.

Remember that the creation of AES_DECRYPT is really a binary string, which must be saved in posts of the binary data type (possibly the appropriate you might be AES_ENCRYPT) rather than text types for example BLOB or TEXT that you'd normally use for text data.

However , you will need to keep file encryption key somewhere, and also you in some way need to keep your admin from being able to access it. I'm not sure if that'll be possible (admin of what exactly?)

  1. Make use of a save connection (https) so your admin can't obtain the password in the logs.
  2. Use MCript to secure decrypt the data using the customers password.
  3. Decrypt the information using the customers password.

There's however one Large drawback:

You'll have to keep customers password in cleartext within the session, which means you Will need to take care that session information is not saved in logs, the database, etc...

In case your admin can access the php code it's a few seconds to compromise this.

The only real situation where this works is that if your Admin can access the database and also the after sales Although Not the code.