"sma1king" <gk***@geking.com> wrote in message
news:Ny******************@nwrddc02.gnilink.net...
I have a prospect that needs to collect sensitive personal data via the
web for mortgage applications. A certificate & SSL seems to protect the data
from the browser to the server, but I need some way to encrypt the data
for storage in mysql and (possibly) into a flat file for retrieval by the
prospect. I have not been able to find a simple solution for this
compatible with BSD and Apache.
Does anyone have any experience with this, and can you recommend a
solution? Thanks for your help.
--
George
The following reference might provide some info (TIP 18):
http://osdn.dl.sourceforge.net/sourc...ADME_mysql.txt
If you're compiling mysql from source [./configure --with-openssl], then,
it's possible to encrypt/decrypt the data. For instance, there is a
des_decrypt function. Fields should be blob. The above link provides a
short example.
For flat files, assuming you have openssl installed
[
http://www.openssl.org/]
To Encrypt:
openssl des3 -salt -in file.txt -out file.des3
To Decrypt
openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
Need to encrypt what you type? Enter the following, then start typing but
^D to end.
openssl des3 -salt -out stuff.txt
FYI, if they have a lot of data [MySQL is too slow] you may want to take a
look at BerkeleyDB. It's not really a database, but provides fast hash and
b-tree type storage. Good for 100 tera-byte record sizes where MySQL may be
too slow. The latest version of BerkeleyDB provides encryption
[
http://www.sleepycat.com/download/db/index.shtml]
Hope this helps.
Regards,
Mike Chirico