
I'm developing an API which requires an API key to use. These keys are assigned to users. To figure out which user the key belongs to, I have to store some information in that key. But I don't want it to be seen by "others". So I want to encrypt that value.

  • I was first thinking about making an encryption key for each user, but then I figured if the database has been breached, they have the key for each user.
  • So instead, I thought I should make a server-side encryption key. But I realised, if they breached the database, they probably don't care much about that encryption key anymore.

And then I started asking myself the question: What can I do to protect the data stored in a database, even if it has been breached?

For example, does it make sense to encrypt the values inside the database? I would assume not due to the time needed to decrypt everything again which would make for a bad user experience. So what options do I have?

Pedro

1 Answer


Firstly, please take a look at the suggested answer to How to encrypt sensitive data in database of a web app? (as per the helpful comment by @mentallurg).

From a defence in depth approach, it absolutely makes sense to encrypt values on the database. It is also worth taking measures to limit and contain breaches, such as ensuring your application is resilient to SQL injection and that its DB connection is made with an unprivileged account (ideally multiple, depending on the role and task) that can access only a subset of the data on the database. Then the database server should be segregated from the rest of the network. The database service should be running under unprivileged user permissions and have system command execution disabled.

As to how you should manage encryption and keys, there are several good solutions (as per the recommended question/answer), but be very, very careful, as there are many times more bad/ineffective/insecure solutions.

Pedro
  • I'm not an expert in databases, I'm afraid. Do you maybe have a source or something which highlights in more detail what set(s) of permissions are appropriate in the scenario you described above? MySQL, in case you need to know. – DoomBro_Max May 14 '20 at 22:20
  • To *it absolutely makes sense to encrypt values on the database* - I don't agree with that. How will you implement search by values, e.g. how will you find products with price between P1 and P2? Or how will you calculate sums of some field values? How will you check if one value is greater than the other? How will you index values? FHE can be used only in very limited cases. That's why encrypting the values is in my opinion a bad approach. – mentallurg May 15 '20 at 01:14
  • @mentallurg I mean, you only encrypt user data or similar stuff. Product prices, names or other meta are public anyway, so why would you encrypt that info? – DoomBro_Max May 15 '20 at 12:23
  • @mentallurg please note I didn't say it makes sense to encrypt all data on the database. Naturally, data you want to search through cannot be encrypted, although not all fields are meant to be searched through/indexed. Only the application architects can judge what must, can and can't be encrypted. – Pedro May 15 '20 at 16:45
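The field-level encryption the answer recommends, as an added example that is not code from the question, the answer or any commenter: the key stays in the application (never in the database), each value gets a fresh random nonce, and the row's primary key is bound in as AES-GCM associated data so a ciphertext moved to another row fails to decrypt. The `EncryptedField` type, the `EncryptField`/`DecryptField` names and the `"user:42"` row-id format are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"io"
)

// EncryptedField is what the database row stores: a fresh random nonce and
// the AES-GCM ciphertext (authentication tag included). Neither reveals the value.
type EncryptedField struct {
	Nonce, Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField encrypts one sensitive column value under a server-side key
// that is held outside the database (hypothetical helper, not from the answer).
// The row's primary key is bound in as associated data, so a ciphertext copied
// into another row will not decrypt there.
func EncryptField(key []byte, rowID string, plaintext []byte) (EncryptedField, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return EncryptedField{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return EncryptedField{}, err
	}
	return EncryptedField{nonce, gcm.Seal(nil, nonce, plaintext, []byte(rowID))}, nil
}

// DecryptField reverses EncryptField. gcm.Open verifies the tag before it
// returns any plaintext, so a tampered ciphertext, a wrong key or a changed
// row id all yield an error rather than garbage.
func DecryptField(key []byte, rowID string, f EncryptedField) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Ciphertext, []byte(rowID))
}
```

Because the nonce is random, two equal values produce different ciphertexts, which is exactly why, as the comments note, a column you need to search, compare or index cannot be stored this way and needs a separate indexable column instead.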