Originally Posted by thnewguy
Regarding the second part of your plan, I don't think you should e-mail sensitive data. Even if the server-to-server connection is encrypted, the data as it sits on the server will be in plain text.
Unless you have encrypted the sensitive information before storing it on the server, you're asking for a heap of trouble.
I would recommend putting the SQL server for WordPress on an entirely different machine, one preferably behind a firewall, and using OpenVPN to create an encrypted connection between the web server and the database server. Then the server can write securely to the database, and the data never reside on a publicly-visible machine. Depending on what this application is used for, you may still need to encrypt the data you are storing before writing it to the SQL server. I use the mcrypt functions in PHP to encrypt the data with AES256, then use PHP's base64_encode() function to convert the encrypted binary representation to a text string that I write to the database.
Here are the functions I wrote for this task, if you'd like to do a little home cooking:
Code:
    # NOTE: these helpers use the mcrypt extension, which was deprecated in
    # PHP 7.1 and removed in PHP 7.2. Mode is ECB, so the IV created below is
    # ignored by the cipher; it is only required by mcrypt_generic_init().
    function b64_encrypt($string, $key) {
        # encrypt a string with Rijndael-256 (256-bit block) and $key
        # return the base64 encoding of the encrypted result
        # from the PHP manual
        $td = mcrypt_module_open('rijndael-256', '', 'ecb', '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        mcrypt_generic_init($td, $key, $iv);
        # mcrypt pads the final block with NUL bytes; trim() removes them
        # again after decryption, so leading/trailing whitespace is lost
        # convert the result to base64 encoding here
        $encrypted_data = base64_encode(mcrypt_generic($td, trim($string)));
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        return $encrypted_data;
    }

    function b64_decrypt($string, $key) {
        # convert a base64-encoded string back into Rijndael-256
        # ciphertext, then decrypt using $key
        $td = mcrypt_module_open('rijndael-256', '', 'ecb', '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        mcrypt_generic_init($td, $key, $iv);
        $decrypted_data = mdecrypt_generic($td, base64_decode($string));
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        # trim the NUL padding (and any surrounding whitespace)
        return trim($decrypted_data);
    }
For the key I just use a random md5 string hidden in the bowels of the file system. The command-line command "ps -aux | md5sum" produces a pretty decent key.
I used AES256 to comply with Federal regulations on encryption standards. The client was a medical provider so HIPAA compliance was essential.
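The helpers above have three properties a reviewer would flag: ECB mode encrypts equal plaintext blocks to equal ciphertext blocks (so equal or repeated field values are visible in the database), there is no integrity check (an altered record decrypts to garbage without any error), and mcrypt's `rijndael-256` is the 256-bit-block variant of Rijndael, not the 128-bit-block cipher standardised as AES. The following is an added example, not code from the post, written against PHP's OpenSSL extension (PHP 7.1 or later, for `random_bytes()` and GCM tag support). It uses AES-256-GCM with a fresh nonce per record, stores nonce, tag and ciphertext together as one base64 string suitable for a text column, and derives the key from the OS random source rather than a hex digest; the key-file location is a placeholder, and the `ecb_leaks_equal_blocks()` function exists only to make the ECB weakness visible.

```php
<?php
// Added example (not from the original post): authenticated field encryption
// with PHP's OpenSSL extension, as a replacement for the ECB mcrypt helpers.
// Assumes PHP >= 7.1 (openssl_encrypt() with a GCM tag, random_bytes()).
declare(strict_types=1);

const CIPHER  = 'aes-256-gcm';  // 256-bit key, 96-bit nonce, 128-bit tag
const IV_LEN  = 12;
const TAG_LEN = 16;

// 32 raw bytes from the OS CSPRNG. Store base64_encode()d in a file outside
// the web root (e.g. a placeholder like /etc/myapp/field.key) and decode on load.
function generate_key(): string {
    return random_bytes(32);
}

function b64_encrypt_gcm(string $plaintext, string $key, string $aad = ''): string {
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 raw bytes');
    }
    $iv  = random_bytes(IV_LEN);  // fresh nonce per record; never reuse under one key
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    // Layout of the stored text value: base64( nonce || tag || ciphertext )
    return base64_encode($iv . $tag . $ct);
}

function b64_decrypt_gcm(string $encoded, string $key, string $aad = ''): string {
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($pt === false) {
        // Tag check failed: the record was modified, or the key/AAD is wrong.
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Why ECB is a poor fit for database fields: two identical 16-byte plaintext
// blocks produce two identical ciphertext blocks, so structure leaks.
function ecb_leaks_equal_blocks(string $key): bool {
    $block = str_repeat('A', 16);
    $ct = openssl_encrypt($block . $block, 'aes-256-ecb', $key,
                          OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    return substr($ct, 0, 16) === substr($ct, 16, 16);
}

// Usage with constructed sample data. The AAD binds a ciphertext to its
// column, so a value copied into another column fails to authenticate.
$key    = generate_key();
$stored = b64_encrypt_gcm('sample-record-12345', $key, 'patients.record_no');
echo b64_decrypt_gcm($stored, $key, 'patients.record_no'), PHP_EOL;
echo ecb_leaks_equal_blocks($key) ? "ECB: equal blocks give equal ciphertext\n" : '';
```

Because the nonce and tag travel with the ciphertext, no extra columns are needed and the existing text column keeps working; the only schema change is allowing for the 28 extra bytes (before base64 expansion) per value. Rotating the key means re-encrypting stored values, so keeping a short key-version prefix in front of the base64 string is a common refinement.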