[nycphp-talk] Website Data Encryption tools

Tim Lieberman tim_lists at o2group.com
Sun Apr 6 20:33:08 EDT 2008


Joe Leo wrote:
> You've hit the right questions I am looking to understand. The answer 
> is both. From what I understand about a tool like TrueCrypt I can 
> encrypt say my webfolder (web site) and upload it to my hosting 
> provider. And, what I am trying to understand is can the encrypted 
> data remain encrypted and still serve content. Or, once I upload the 
> encrypted data must I decrypt it to serve the content? I am 
> not concerned about data being encrypted out to the users browser. SSL 
> takes care of that - right? So, if it is that I can encrypt and it 
> remains encrypted while serving content then this is not a bad solution. 
> And, of course one can take other measures like ssh to the server to 
> actually keep access to it secure.

In 99% of cases, there's no real argument for storing data on the server 
in an encrypted state.  This is because if your host security is 
compromised, the cracker will have your encryption keys as well as your 
encryption data.

Communicating with server (Administration, Uploading files, etc):  
SSH/SFTP. 

Data On The Server: Usually there is no good argument for encrypting 
it.  If you're going to be serving it to anyone, you'll need to decrypt 
it on the way out, so they can read it.  If the server can decrypt it, 
anyone who compromises the server can decrypt it, so it's useless and a 
waste of resources.

Server Communicating with Clients: use SSL.


The exception case:  You have a small group of users, to whom you want 
to make available some very secret data.  You don't want to do any 
processing of the data on the server.  You just want to upload an 
encrypted file, and have them download it (still encrypted).  This of 
course implies that you've somehow securely distributed the decryption 
key to your users.  This case almost never happens.  You'd be better off 
having your users generate GPG key pairs and send you the public key.  You 
encrypt for each user and send via email or any other method.  By 
leveraging public-key cryptography, you avoid the need to securely 
communicate any keys.

As others have implied, it would be a lot easier to answer your queries 
if we knew more specifics about what kind of data (and what kind of 
operations on that data) you're talking about.

But in almost every case, encrypting things on the server just chews up 
server resources while providing exactly zero protection.

-Tim
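
The GPG exchange described in the message above, as an added example that is not part of the original post: two throwaway keyrings stand in for the recipient and the uploader, and the run shows that the side holding only the public key and the ciphertext cannot decrypt. The identity `alice@example.test`, the file names and the function name are constructed; GnuPG 2.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example. Two throwaway keyrings stand in for the recipient's machine
# and the uploader's machine; the identity and the file are constructed.

gpg_exchange_demo() {
  local work rcpt sndr uid='Alice Example <alice@example.test>'
  work=$(mktemp -d) || return 1
  rcpt="$work/recipient"; sndr="$work/uploader"
  mkdir -m 700 "$rcpt" "$sndr"

  # 1. Recipient generates a key pair. Empty passphrase is for the demo only.
  gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$uid" default default never 2>/dev/null || return 1

  # 2. Recipient exports only the public half; this is all that ever travels.
  gpg --homedir "$rcpt" --batch --armor --export alice@example.test > "$work/alice.pub.asc"

  # 3. Uploader imports it and encrypts the file to that recipient.
  #    --trust-model always skips fingerprint verification, acceptable here
  #    only because the demo key was generated a few lines above.
  gpg --homedir "$sndr" --batch --quiet --import "$work/alice.pub.asc" 2>/dev/null
  printf 'very secret data\n' > "$work/report.txt"
  gpg --homedir "$sndr" --batch --quiet --trust-model always \
      --recipient alice@example.test \
      --output "$work/report.txt.gpg" --encrypt "$work/report.txt" 2>/dev/null || return 1

  # 4. The uploader's keyring (what a web host would hold) has no private key,
  #    so decryption must fail there.
  if gpg --homedir "$sndr" --batch --quiet --decrypt "$work/report.txt.gpg" >/dev/null 2>&1
  then echo "uploader_decrypt=ok"
  else echo "uploader_decrypt=failed"
  fi

  # 5. Only the recipient's keyring recovers the plaintext.
  echo "recipient_plaintext=$(gpg --homedir "$rcpt" --batch --quiet \
      --pinentry-mode loopback --passphrase '' --decrypt "$work/report.txt.gpg" 2>/dev/null)"

  # Stop the per-keyring agents and remove the throwaway material.
  gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$sndr" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
}

gpg_exchange_demo
```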



