How to secure a web app with sensitive info?

thomaste

I’m thinking about creating a web app in PHP and MySQL.

This app will manage and store (in MySQL) sensitive, personal information, so I’m a bit worried about security.

I’m thinking of encrypting the information before storing it in the database, using PHP’s own openssl_encrypt().

The challenge then lies in where to save the key for this.

I was thinking about storing the key in a file stored in a directory other than public_html, for example a parent folder.

Would this be secure and safe enough for such a solution, storing sensitive, personal information?

What if I have this hosted at Siteground for example, then their support would have access to this file?



Thanks.
 
> The challenge then lies in where to save the key for this.

Store the encryption keys in your home folder and call it from the page which requires it. Make sure to set the permissions properly so only PHP can access it.

The hosting provider can obviously access anything/everything that is stored on their server but that should be the least of your concerns.
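
An added example, not part of either post: one way to do what the thread describes, with the key read from a file outside public_html (after a permission check) and each value encrypted with openssl_encrypt(). The path, the function names, the base64 key format and the choice of AES-256-GCM are assumptions; the thread itself only names openssl_encrypt().

```php
<?php
declare(strict_types=1);
// Written for PHP 8. KEY_FILE is a hypothetical path outside the web root.
const KEY_FILE = __DIR__ . '/../secrets/app.key';
const CIPHER   = 'aes-256-gcm';

// Load a 32-byte key, refusing a file that group or others can access.
function load_key(string $path): string
{
    $perms = @fileperms($path);
    if ($perms === false || ($perms & 0077) !== 0) {
        throw new RuntimeException("key file missing or accessible beyond its owner: $path");
    }
    $key = base64_decode(trim((string) file_get_contents($path)), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('key file must hold 32 random bytes, base64-encoded');
    }
    return $key;
}

// Returns base64(iv || tag || ciphertext), suitable for a TEXT column.
function encrypt_field(string $plaintext, string $key): string
{
    $iv = random_bytes(12); // fresh nonce per value; never reuse one with the same key
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Throws if the stored value was truncated, modified, or encrypted under another key.
function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('stored value is malformed');
    }
    $pt = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed demo: a throwaway in-memory key stands in for load_key(KEY_FILE).
$key = random_bytes(32);
echo decrypt_field(encrypt_field('1985-04-12', $key), $key), PHP_EOL;
```

In the application, `load_key(KEY_FILE)` replaces the throwaway key; the file would hold the output of `base64_encode(random_bytes(32))` and be set to mode 0600, owned by the account PHP runs as.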
 