I wish to build an application that's essentially a regular membership service for texts.
User submits a telephone number via my website. I send them a confirmation text having a key, and when they properly go into the key, they are activated, and each day after that I'll send them a text having a particular message until they remove yourself from list.
Question: I wish to store these telephone numbers in ways which i (the developer or storage layer administrator) can't view these telephone numbers, to preserve privacy. I can not just saved them hashed, then so how exactly does my application read these to send the written text message? How do you do that?
Edit: This really is both a burglar and privacy question... I would like somebody that hacks into my system not to have the ability to get the telephone numbers, even when they've full accessibility database.
When software around the system can decrypt them so can anybody with plenty of accessibility system. The very best you should do is to lessen the danger using a devoted system for that actual texting part. By looking into making texting the only real factor this technique can perform you limit the choices of hacking in to the system. Then using a public/private key file encryption the texting system will be the only system that requires the decryption key. Systems for really signing up customers or altering the telephone numbers would only need the file encryption key.
Now if you wish to safeguard the decryption key any more you can get this to system inaccessible to admins by setting your password nobody knows and permanently measure you can disable all login techniques. Oh and make certain the important thing only is available in memory This Is Not On DISK!
Just in case this texting system ever goes lower you will have to mention a brand new texting system that you require the key. Would you like to possess a copy of they type in a safe and secure location behind multiple locks that differing people possess the key. These folks then can oversee that secret is correctly joined in to the new system without other people coming to a copies of they key which later on all logins are correctly disabled.
I am thinking file encryption is the only wager. Your going to need to secure the telephone numbers only permit the software/service applications to have the key. You can keep key on the off-site system and also have the application via SSH or SSL retrieve the important thing store it in memory only. That's not saying the bottom line is 100% protected from the managers but they're just telephone numbers can't image someone investing a-large amount of effort for cell amounts.
use MD5 to enrypt your telephone numbers. By doing this you are able to prevent it from viewing. However MD5 can be used to keep password type data. You may also write your personal algoritham code to enrypt telephone numbers.