Encrypting a CMSB Database

3 posts by 2 authors in: Forums > CMS Builder
Last Post: March 6, 2017   (RSS)

By gkornbluth - March 4, 2017

Hi All,

A small client of mine wants to host his CMSB installation on a local server on his office network but is concerned that the database might be vulnerable and raised the question of encryption. The network has internet access but the database is only used on premises by office staff.

The closest that I came was an old post on general data field encryption #2237365.

Has anyone done anything in this area, or have any thoughts?

Best,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By Dave - March 6, 2017

Hi Jerry, 

Encrypting won't really help because the website will have to have the keys to "unlock" the encryption.  When you have a lock and the key to that lock in the same place it doesn't offer any additional security.

Probably best would be to inquire what specific attack scenarios he's concerned about and look into restricting down physical access to the server, and network access to the files on the server (eg: can anyone on the network access the MySQL files)? 

Something else to consider is if any of the on-site staff have the technical experience to actually gain access and copy or access a MySQL database.  If they don't, maybe it's less of a concern.

Hope that helps!

Dave Edis - Senior Developer

interactivetools.com