0

I'm writing some software which has an invoicing component. Is it safe to store a bank account number and an associated sort code in a database if I use encryption? Can anything be stolen using just these two numbers?

The numbers have to be encrypted / decrypted on the server in order to generate PDF documents.

They will be stored alongside email addresses, names and billing addresses, which makes me slightly wary of doing it in case we are hacked.

What is the correct way to do this?

userqwert
  • 101
  • 1

1 Answer

4

Well, if the decryption key has to reside on the same server as the encrypted data, the data isn't really encrypted (aside from when you store a backup of your database outside of your server, and separate from the key).

So, the usual applies:

Whatever info you make available publicly must be safe to give away. That means that you want to encrypt traffic (e.g. HTTPS, MySQL over TLS). You also want to encrypt your off-site backups (you're doing off-site backups, right?).

Marcus Müller
  • 5,843
  • 2
  • 16
  • 27
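The answer's point is that a key sitting next to the ciphertext only protects copies of the data that travel without the key, such as off-site backups or a stolen database dump. The following Go program is an added illustration of that design, not code from the question or the answer: the data-encryption key is generated and passed in by the caller (in practice it would come from a secrets manager or a file the database account cannot read) and is never part of the stored record, so a backup of the table alone is useless without it. The sort code and account number, the customer ID `cust-42`, and the field names are constructed sample values; the use of AES-256-GCM with the customer ID as associated data is my choice, not something the thread prescribes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// BankDetails is the sensitive part of a customer's invoicing record.
type BankDetails struct {
	AccountNumber string `json:"account_number"`
	SortCode      string `json:"sort_code"`
}

// NewKey generates a 32-byte AES-256 data-encryption key. In deployment the
// key lives in a secrets manager or a root-only file, never in the same table
// (or the same backup) as the ciphertext it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the bank details with AES-256-GCM. The customer ID is bound in
// as associated data, so a ciphertext copied from one customer's row into
// another's fails to decrypt instead of silently paying the wrong account.
// The returned string (base64 of nonce || ciphertext || tag) is what is stored
// in the database and therefore what ends up in off-site backups.
func Seal(key []byte, customerID string, d BankDetails) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	plaintext, err := json.Marshal(d)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, plaintext, []byte(customerID))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open reverses Seal. It is called only on the invoicing server at the moment
// a PDF is generated; the plaintext is kept in memory and not written back.
func Open(key []byte, customerID, blob string) (BankDetails, error) {
	var d BankDetails
	gcm, err := newGCM(key)
	if err != nil {
		return d, err
	}
	raw, err := base64.StdEncoding.DecodeString(blob)
	if err != nil {
		return d, err
	}
	if len(raw) < gcm.NonceSize() {
		return d, errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	plaintext, err := gcm.Open(nil, nonce, ct, []byte(customerID))
	if err != nil {
		// Any of: tampered blob, wrong key (e.g. a backup restored without it),
		// or ciphertext moved to a different customer's row.
		return d, fmt.Errorf("decrypt failed: %w", err)
	}
	if err := json.Unmarshal(plaintext, &d); err != nil {
		return BankDetails{}, err
	}
	return d, nil
}

func main() {
	key, _ := NewKey() // constructed for the demo; normally fetched from a secret store
	sample := BankDetails{AccountNumber: "12345678", SortCode: "12-34-56"} // constructed values
	blob, _ := Seal(key, "cust-42", sample)
	fmt.Println("stored in DB / backup:", blob)
	d, err := Open(key, "cust-42", blob)
	fmt.Println("decrypted for PDF:", d, err)
	_, err = Open(key, "cust-99", blob)
	fmt.Println("same blob under another customer:", err)
}
```

What this does not buy you is protection while the server is running with the key loaded: an attacker who can execute code there can decrypt exactly as the PDF generator does, which is the answer's point. It does make a database dump, a disk image or an off-site backup worthless on its own, and the associated-data binding catches row-level tampering in the stored table.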