Hi All,
I tried encrypting fields in a database for the first time and had some interesting (but frustrating) results.
After encryption on a site (with an SSL certificate), I received the following error:
Warning: mysqli::real_connect(): this stream does not support SSL/crypto in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php on line 58
Warning: mysqli::real_connect(): Cannot connect to MySQL by using SSL in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php on line 58
Warning: mysqli::real_connect(): [2002] (trying to connect via (null)) in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php on line 58
Warning: Cannot modify header information - headers already sent by (output started at /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php:58) in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/menus/dbConnectionError.php on line 4
Warning: Cannot modify header information - headers already sent by (output started at /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php:58) in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/menus/dbConnectionError.php on line 5
Warning: Cannot modify header information - headers already sent by (output started at /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/database_functions.php:58) in /home4/zcfzmsmy/public_html/test/cmsAdmin/lib/menus/dbConnectionError.php on line 6
After removing 'requireSSL' => '1', in settings.dat.php I was able to access the site and database again, and I was able to encrypt fields in the database.
The need to remove that line doesn’t seem right, but I’m sure that there’s a logical explanation.
____________________________________
A bigger concern is that the value of 'columnEncryptionKey' => 'myencryptionkey', is visible in plain text in the settings.dat.php file, along with my database name and database password.
Based on this, I’m feeling that there’s a bit of false security going on here, since even a novice hacker has all the information that they need to hack sensitive data in a database backup, in one neat package.
I’m using Bluehost, and I’ve got to believe that their security is pretty high. So if my site is hacked, it will have been done by an experienced hacker.
Are there any plans in the works to store these values in an encrypted format? (I think users' passwords are already stored that way.)
Thanks,
Jerry Kornbluth
The first CMS Builder reference book is now available on-line!
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php