All the time I read about web services that defend user data by encrypting everything. In case of theft of the database, everything is safe (provided we assume all the usual stuff of cryptography).
I'm playing with a small Sinatra application (not really planning to launch it, it's more for an educational purpose) using the DataMapper ORM on top of SQLite. I implemented basic user authentication (hashing and salting... all the usual stuff, in short) and I am happy with it.
The fact is that the core of the application requires personal information about the user: weights and other bodily measurements (which can without any doubt be considered personal and sensitive data, which people might not want to be public). So I'm wondering, how can I safely store that data? In the application everything is accessed only by the proper user (although, being quite a beginner in these things and having coded almost everything by hand, I'm quite sure there are a lot of security bugs... but as I said I'm not really planning to do anything with it).
I thought about encrypting it using the user password and decrypting it after successful authentication, but then what if the password is forgotten? What if the password is changed? I read (here on SO) that for these reasons it's best not to do it in this way... but then how can it be done?
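As an added illustration of the pattern the question circles around (this is example code written for this page, not the asker's application and not part of Sinatra or DataMapper): instead of encrypting the measurements directly with the password, each user gets a random data key (DEK). Only the DEK is wrapped under a key derived from the password, and a second copy is wrapped under a one-time recovery code. A password change then re-wraps the DEK without touching the stored rows, and a forgotten password is handled by the recovery copy. The module name `UserVault`, the PBKDF2 iteration count and the use of plain Ruby hashes in place of DataMapper properties are assumptions of this example; in a real app the hash fields would map to binary columns on the user and measurement models.

```ruby
require 'openssl'
require 'securerandom'

# Example envelope-encryption scheme (hypothetical module, not the asker's code).
module UserVault
  ITERATIONS = 200_000 # PBKDF2 work factor; assumed value, tune for your hardware
  KEY_LEN = 32         # AES-256 key size in bytes

  # Derive a key-encryption key (KEK) from a password (or recovery code) and a salt.
  def self.derive_kek(secret, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, ITERATIONS, KEY_LEN, OpenSSL::Digest.new('SHA256'))
  end

  # AES-256-GCM: returns iv, ciphertext and tag; the tag makes tampering detectable.
  def self.aead_encrypt(key, plaintext, aad = '')
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv        # fresh random nonce per encryption
    cipher.auth_data = aad
    ct = cipher.update(plaintext) + cipher.final
    { iv: iv, ct: ct, tag: cipher.auth_tag }
  end

  # Raises OpenSSL::Cipher::CipherError if the key, tag or AAD do not match.
  def self.aead_decrypt(key, blob, aad = '')
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = blob[:iv]
    cipher.auth_tag = blob[:tag]
    cipher.auth_data = aad
    cipher.update(blob[:ct]) + cipher.final
  end

  # Enrol a user: a random DEK is wrapped under the password KEK and under a
  # recovery-code KEK. Only the wrapped copies are persisted; the DEK itself and
  # the recovery code are never stored (the code is shown to the user once).
  def self.enrol(password)
    dek = SecureRandom.random_bytes(KEY_LEN)
    recovery_code = SecureRandom.hex(16)
    pw_salt = SecureRandom.random_bytes(16)
    rc_salt = SecureRandom.random_bytes(16)
    record = {
      pw_salt: pw_salt,
      dek_by_pw: aead_encrypt(derive_kek(password, pw_salt), dek, 'dek'),
      rc_salt: rc_salt,
      dek_by_rc: aead_encrypt(derive_kek(recovery_code, rc_salt), dek, 'dek')
    }
    [record, recovery_code]
  end

  # Normal login: unwrap the DEK with the password-derived KEK.
  def self.unlock_with_password(record, password)
    aead_decrypt(derive_kek(password, record[:pw_salt]), record[:dek_by_pw], 'dek')
  end

  # Forgotten password: unwrap the DEK with the recovery code instead.
  def self.unlock_with_recovery(record, recovery_code)
    aead_decrypt(derive_kek(recovery_code, record[:rc_salt]), record[:dek_by_rc], 'dek')
  end

  # Password change: re-wrap the same DEK under a new salt and KEK.
  # Stored measurements stay valid because they were encrypted with the DEK.
  def self.change_password(record, dek, new_password)
    salt = SecureRandom.random_bytes(16)
    record.merge(pw_salt: salt,
                 dek_by_pw: aead_encrypt(derive_kek(new_password, salt), dek, 'dek'))
  end

  # Encrypt one measurement under the DEK. The user id goes into the AAD, so a
  # ciphertext row copied from one user to another fails authentication.
  def self.encrypt_field(dek, user_id, value)
    aead_encrypt(dek, value.to_s, "user:#{user_id}")
  end

  def self.decrypt_field(dek, user_id, blob)
    aead_decrypt(dek, blob, "user:#{user_id}")
  end
end

if __FILE__ == $PROGRAM_NAME
  record, code = UserVault.enrol('hunter2')          # constructed sample password
  dek = UserVault.unlock_with_password(record, 'hunter2')
  weight = UserVault.encrypt_field(dek, 42, '81.5')  # constructed sample row
  record = UserVault.change_password(record, dek, 'correct horse battery')
  dek2 = UserVault.unlock_with_password(record, 'correct horse battery')
  puts UserVault.decrypt_field(dek2, 42, weight)      # still readable after the change
  puts UserVault.unlock_with_recovery(record, code) == dek
end
```

The important property is that the measurements are bound to the DEK, not to the password, so the only thing a password change rewrites is one wrapped key. The recovery code has the same power as the password, so it should be shown once, stored by the user and not by the service; if it is lost too, the data is unrecoverable by design, which is the trade-off this scheme makes in exchange for the server never holding a key that can open the rows on its own.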