Encrypting a CMSB Database
3 posts by 2 authors in: Forums > CMS Builder
Last Post: March 6, 2017 (RSS)
By gkornbluth - March 4, 2017
Hi All,
A small client of mine wants to host his CMSB installation on a local server on his office network but is concerned that the database might be vulnerable and raised the question of encryption. The network has internet access but the database is only used on premises by office staff.
The closest that I came was an old post on general data field encryption #2237365.
Has anyone done anything in this area, or have any thoughts?
Best,
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
By Dave - March 6, 2017
Hi Jerry,
Encrypting won't really help because the website will have to have the keys to "unlock" the encryption. When you have a lock and the key to that lock in the same place it doesn't offer any additional security.
Probably best would be to inquire what specific attack scenarios he's concerned about and look into restricting down physical access to the server, and network access to the files on the server (eg: can anyone on the network access the MySQL files)?
Something else to consider is if any of the on-site staff have the technical experience to actually gain access and copy or access a MySQL database. If they don't, maybe it's less of a concern.
Hope that helps!
interactivetools.com
By gkornbluth - March 6, 2017
Hi Dave, thanks for commenting.
I think they're more interested in an outsider gaining physical access to the mysql database and hacking into it, not staff or those with authorized network access if that makes any sense.
Jerry
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php