Uploading sensitive data

emrys404

Hello,

A client of mine wants users to be able to upload files that contain sensitive data like ssn, names, addresses etc. Obviously this will be done over an SSL connection but what methods for storing, accessing, etc. do you recommend?

Thanks,

Emrys

bpat1434

Obviously you should encrypt it either during submission, or after before storage.

The current "best accepted" method is RSA-256 encryption. That's what I would suggest, especially with sensitive info like SSN or bank account stuff. Names and addresses aren't technically sensitive as any bloke with a phone book can find you (if your number is listed).

Anyway, you can either encrypt the data using Javascript into RSA-256 or, you can submit the data and let PHP encrypt it for you. If you just google about the subject, you'll find plenty of scripts and tutorials.

emrys404

Hello,

Thanks for your reply. Okay encryption it is. So then i'll need it to be decryptable as the site admin needs to look at it. In that case where do i store the key that it wont get compromised, but is still available for use in decryption? Also do i store the encrypted files as a blob in the database or do i store them in filesystem?

Thanks,

Emrys

bpat1434

The key should most probably be stored in a file above the document root (i.e. above the public_html or www folder) so it can't be viewed by any browser.

As for storing it in the database, you can store it as varchar or blob, although blob (Binary Large OBject) probably isn't necessary. Typically blob is for files and images, not just data. You'd use Varchar or Text for data. Just make sure you have the proper encoding selected, otherwise it could destroy your data.

emrys404

Okay so here is what i've got so far. I would love to hear your comments on it:
I'll upload the file, encrypt and store it in mysql with the AES_encrypt function and store the key outside of the web directory.
Since my files are going to be pdf, excel and cvs i was thinking i would use base64_encode on them, then insert it into mysql using the AES_encrypt function. What data type does this field need to be? blob?

Please tell me if this is feasable or not.

Thanks,

Emrys

MarkR

emrys404 wrote:
A client of mine wants users to be able to upload files that contain sensitive data like ssn, names, addresses etc. Obviously this will be done over an SSL connection but what methods for storing, accessing, etc. do you recommend?

I recommend only using sufficient due diligence in protecting the data from attackers.

Obviously the preferred solution would be not to store these sensitive data at all, but if it is absolutely mandatory, your system should show due diligence:

Shared hosting is definitely a no-no (Unless it's shared with an application under the same administrative control and set of users).
All access for developers, systems administrators and anyone else with access to the data should be over secure links from known secure locations (e.g. a VPN or SSH tunnel) - ideally lockable rooms on your premises where physical security exists. So having developers or sysadmins log in from cybercafes is a definite no-no, as keyloggers etc could exist.
Due diligence should be shown in developing the application itself against possible attacks
Reputable staff should be chosen; access should be limited to those who "need to know".

Mark