0

I want to store sensitive user data in a database. This contains information like: account balance, e-mail for bank etc.

I am now storing the account balance as decimal, the e-mail as text and the first and lastname as varchar. I was wondering if I should hash or encrypt this information in order to make it more secure.

I searched, but couldn't find if it is needed. Does anyone know if I should hash or encrypt this information, or should I leave it as I have right now?

Improve this question
8
  • Well hashing only works one way - if you intend to read the data later, this is not what you want. Good encryption might make the data more secure, but that really depends on some more factors like how you secure the encryption key. Remember: for your application to encrypt/decrypt data, you need the key in memory. Really depends on the attack vectors you identified. Commented Aug 29, 2020 at 10:45
  • Is the database on the same server as the application? Who has administrative access to application server? Who has access to DB? If the DB is on another server administrered by different people, then encrypting the data sent to DB server might serve a purpose. Otherwise not really, because it makes no difference. Decryption is just another step when retrieving data if you have access to code+key. Commented Aug 29, 2020 at 10:49
  • Also consider performance impact. You want to use the data types offered by SQL and you want to use proper indexing. This will be complicated with encrypted data. (I.e. each name LIKE 'sam%' will not easily work) Commented Aug 29, 2020 at 10:51
  • Okay, thanks. The database and website are on the same server, I am the only one with access to the database. So I am just going to leave it as I have right now. Thanks! Commented Aug 29, 2020 at 11:00
  • The fact that the webserver and the database server are on the same computer does not mean you should not encrypt data. However, pls do not try to implement encryption on your own, it is very easy to get it wrong and give yourself a false sense of security! Use established products for this purpose instead. Yeah, most of these are not free. Commented Aug 29, 2020 at 11:48
Load 7 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.