Welcome to WebmasterWorld Guest from 184.108.40.206
I'm contemplating an application in PHP/MySQL that would need to allow me, the site owner, the following:
The nature of the app would require the users to be 100% confident in the privacy of their information, even from me.
Q. Is this posssible, and if so, what areas should I be looking at to get the right tools for the job?
So, we think it possible to protect the data from the admin?
I would think so. If you encrypt the data on insert it will be inserted so that it couldn't be read even by PHPMyAdmin. The only way to read that data would be to use MySQL/PHP to query the db and pull the records. Now the only way to personalize it would be to either use logins and hash the pwd or use personal certificates.
I am not sure whether there is such a solution at all (at least when there are only two parties involved).
Your application would need to encrypt the data. Symmetric encryption is not an option. You would have the key to encrypt the data and could use it to decrypt the data. So the only way to go would be to use some sort of asymmetric encryption. Using the public key you could encrypt the data. But your app would not be able to decrypt the data. You would need the private key for that. If you supplied a way to upload that private key to the server and use it in your app you would need a way to ensure that you do not have access to the private key. Your application would need to encrypt the key. Symmetric encryption is not an option... ;)
I believe the way to go would be to decrypt the data on the client side using a Java thingy or some kind of proxy server or have a third party involved. But even then your clients would have to at least trust that third party.
If you really want to do something like this have a look at the FreenetProject. This might give you some ideas.
Yes, eventually doing business with somebody is about trusting the other party to do what they promised in the contract.
Personally I would not have anybody else have access to extremely sensitive data. I would store it on an encrypted partition on my own computer which is not connected to the net in any way.
Only if you were to provide a way to store illegal data would I suggest you make 100% sure that you do not have any way of knowing what is actually stored because then the CPS/DA/StA would not be able to prove that you knew what was stored and the court would have to assume that you did not know what was stored or that what is stored and could not be decrypted is legal rather than illegal. This is the way how the FreeProject works. But even the you need to have some kind of "trusted environment", i.e. a jurisdiction that actually heeds basic procedural human rights.
The bottom line: Interaction is inherently insecure. Without interaction there really isnīt anything to life ;)
But even then your clients would have to at least trust that third party.
I can understand that people would be more willing to trust a third party than Nick_W, moderator of the CSS [webmasterworld.com] at WebmasterWorld ;)
And no, Iīm not a cheeky *** ;)
[edited by: eelixduppy at 9:55 pm (utc) on Feb. 18, 2009]
The other option would be to make the database dowmloadable with an installer. Then folks could run it locally or on their website.
If they ran it on their website, the admin could still view it but it would not be such a big detail. The information is what one webmaster would not want another webmaster seeing. It's not the blueprints to fort knox ;)
Lot's of thinking to do....