[DDC-1144] How insert a AES_ENCRYPT value in a table field Created: 10/May/11 Updated: 19/Mar/14 Resolved: 19/Mar/14
|Project:||Doctrine 2 - ORM|
Win XP, MySql5, Php5.3, ZendFramework 1.11.4
I processed like this:
How can I do this?
|Comment by Marco Pivetta [ 19/Mar/14 ]|
This approach is flawed from a security perspective, since your data AND the encryption key are likely flowing through a socket to the DB server.
This also allows people to just log the queries and catch any calls to AES_* functions.
Once the attacker got in, he can simply copy all the data and decrypt it on his own machine from an SQL dump.
I would suggest to NOT encrypt in custom DBAL types nor through SQL queries: do it in your service layer with proper encryption built into PHP.