Network Security Security-Basics

Server setup file encryption

Subject: Server setup file encryption
Date: Sun, 24 Dec 2006 15:19:54 +0100
Hello,
We are trying to find an elegant solution to the following problem:
Our web application needs to access highly sensitive data. Leaving the data unencrypted is unacceptable. Here is the setup: currently there are 2 boxes (we are not limited in hardware so if your solution involves more servers this would not be an issue), 1 MySQL database server and 1 Apache webserver (with sensitive data) both running Linux. Note that the sensitive data currently resides in files, but this could easily be migrated into a database structure. Now, the problem is to provide some security on the sensitive data in case the server (database or web) is compromised.
This could be an answer:


Encrypt all sensitive data on the webserver and store the key in the database. However, if the webserver is compromised then the MySQL authentication information is easily found and thus also access to the database and the keys to the encrypted files. But, our web application has improved its security because it can only show useful data when calling the appropriate decrypt routines. Meaning in case of vulnerabilities which might give access to the files, only scrambled data would appear. Even more, there would only be a trace in the memory of the decrypted file. There is no need to decrypt and store the file on the disk.
It seems the returning weak link in all our solutions appears to be the need of hard coded authentication information on our webserver in order to connect to our database, which opens the world.
Are there any techniques available to secure our application/code/server/data?


My apologies if this was sent to the wrong list.

Kind regards,
Thomas.
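
The scheme proposed in the message above, sketched as an added example (not code from the original post): files are stored encrypted on the web server, the key lives in a separate store, and decryption returns bytes in memory only. Assumptions: the `KEY_DB` dict stands in for a key table on the MySQL server, one key is generated per file, and the HMAC-SHA256 counter-mode keystream with encrypt-then-MAC is a standard-library stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in for a key table on the separate MySQL server (assumption).
KEY_DB = {}

def _subkey(master: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from the stored key.
    return hmac.new(master, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a vetted cipher (assumption).
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(master: bytes, name: str, nonce: bytes, ct: bytes) -> bytes:
    # The file name is authenticated too, so blobs cannot be swapped between files.
    msg = name.encode() + b"\0" + nonce + ct
    return hmac.new(_subkey(master, b"mac"), msg, hashlib.sha256).digest()

def encrypt_file(name: str, plaintext: bytes) -> bytes:
    """Store a fresh key in KEY_DB; return the blob kept on the web server."""
    master = secrets.token_bytes(32)
    KEY_DB[name] = master
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(master, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(master, name, nonce, ct)

def decrypt_in_memory(name: str, blob: bytes) -> bytes:
    """Fetch the key, verify the tag, return plaintext; nothing touches disk."""
    master = KEY_DB[name]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(master, name, nonce, ct)):
        raise ValueError("blob was modified or belongs to another file")
    return _xor_stream(_subkey(master, b"enc"), nonce, ct)

# Constructed sample record, not real data.
RECORD = b"constructed sample record: account 0000, balance 12.50"
```

As the message observes, whoever holds the web server's database credentials can still fetch the key; the scheme only covers disclosure of the stored files on their own.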
