What exactly do you want to achieve by encrypting the data? You obviously want them to be stored on the server in an encrypted form. That is not very useful unless you ensure that the data is transfered to/from the server in a secure manner (mod_ssl or similar).

There are a lot of Crypt::* modules at CPAN that allow you to use PGP, OpenSSL, etc. to encrypt the data in a far more secure manner than the scripts you mentioned.

Ensuring security is a non trivial task with lots of opportunities to make lots of mistakes. So if you need a really secure solution you might want to hire an expert. Or get at least a good book and make sure you understand the concepts behind those encryption methods.

Perhaps you could outline your desired setup a bit more. Then it would be easier to point you into the right direction.

Andreas

Okay, we run an online store, and keep all orders on our server. We access these and they're moved between folders at different stages whilst the order is being processed. Once and order is processed, its filed away in the appropriate folder. It can be retrieved at a later data by using a search feature, of browsing by date.

The thing is, we have all these orders and customres data on our server, and although we don't keep credit card info, I'd like to respect our customers privacy a little more in encrypting the data.

All data is hidden out of the webspace, and also has .htaccess protection, and we only access it using ssl. Like I mentioned in my first post, the only way someone can access the data is to have ftp access - then they also have access to all scripts and encryption keys.

Also, would it be worth while learning and using MySQL for the sake of security?

The only other option would be to download data to another computer, and decrypt it there, using a different key to the one for encryption...?

*scratches head a bit more*

:(

What you want is to encrypt the data using the key stored on your server (public key), but to keep the decryption key (private key) away from the data and to supply it at the moment of decryption only

I used gpg to build a system like that and it worked fine.

Hi,

I'm no security expert, but a couple of thoughts:

First, you mention FTP access to the server. When you
access the server via FTP, is your userid and password
encrypted...say via SSH? If not, you are most likely
transmitting your userid and password in clear text
when you login via FTP...and thus someone might intercept
and use your userid and password to log in as you.

Second, there are many ways servers get cracked and taken
over by someone who gains "root", meaning they can do
whatever they want -- like downloading your customer data.
It's important to know that there are folks out there
skilled at gaining root access to servers through some
security hole in the operating system, running applications
such as your webserver, a script you may have written,
or, namely, some other way besides having the userid and
password to login via FTP.

Keep in mind some of these methods work right through a
firewall. Moreover, not only must the OS be locked down
well, but all the applications such as web and database
servers -- including any scripts one may have written that
perform all one's business task -- need to be properly
locked down or configured as well.

The more I learn about webserver security, the more I
realize how little I know about what all the risk are.
Not to mention how to mitigate them.

BTW, is every piece of software running on your server --
from the OS to the webserver to whatever else you may be
running -- the latest secure versions with no known
exploits? If not, such as an older version of Apache,
there may be "canned" exploits someone can run to gain
root on your server...without any need for your FTP
password. It's a job just to keep all the software patches
for security up to date.

Food for thought,

Louis