How to hide sensitive information

woodeye

I'm working on an online app, for a client, that tracks employee time spent on jobs. I'm storing all info in a MySQL database. I have a table that has all the employee info, including pay rates.

I need a way to hide the pay rate for employees from their IT guy. The site is going to be hosted on one of their servers, so if he tries to find it, he'll have access to the MySQL username & password. So I was thinking that I could use SHA1 or MD5 to encrypt the pay rate, but then when I need to retrieve that info to perform a calculation (time x pay rate), then I don't know how I could convert it back to a number.

I was thinking that I could do some kind of cryptic calculation when saving the amount, like multiply by the employee id number, and then divide by 4 or something like that, but it seems that it would be pretty easy to decode that if he tries.

Thanks in advance for any suggestions.

CoderDan

mcrypt is what i tend to use for my encryption needs (like cc numbers, etc)

NogDog

You can also do it on the MySQL side using its various encrypt/decrypt functions. Of course, you still have the issue of sysadmins having access to your PHP source code and finding out what encryption method you are using, unless you require the user to enter the encryption key and therefore do not store that key anywhere on the system.

woodeye

Thanks for the suggestions. I'll give both a read and figure out which is right for me.

I don't think there's anything that I can come up with that is completely secure, because he will have full access to all the code. But if I can put some road blocks in, I think that's about all I can do.

Thanks again.
Brian

laserlight

woodeye wrote:
I don't think there's anything that I can come up with that is completely secure, because he will have full access to all the code.

NogDog's suggestion of not storing the encryption key and requiring it to be provided on demand can make storage of the data secure, if implemented correctly. Note that encryption does not guarantee data integrity, so you should also store a keyed cryptographic hash of the ciphertext so that you can detect if data integrity has been violated.

EDIT:
Oh, but if the code can be modified, the fellow can always change the code to store the key, thus defeating the security the next time the system is used by the authorised parties. I suspect that your only recourse against that is to review the code, e.g., before the changes are put into effect for the live system.

dagon

As above, and php source encryption perhaps. Zend Guard, or one of the others.