I am using Apache, MySQL and PHP via HTTPS.
I need to be able to store sensitive information so it can be shared among several people. If I have a database (secret) and two php files: (/var/www is my web root)
/var/inc.php
/var/www/secret.php
In /var/inc.php, among other things, I have a variable named $enckey, which is a 32 character alphanumeric string. Its permissions are set to be read only.
In secret.php I have a username, password and key field. They key field ($key) is a string know by all users (each person has the same key since I'm using that as part of the salt), it would be a 8-12 alphanumeric with special characters string.
Everyone has their own username and password that are MySQL users/passwords as well. When they log in their user credentials would be validated with MySQL first. There are no database usernames or passwords in /var/inc.php.
My secret database has a table, secret like this:
CREATE TABLE `secret` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(64) DEFAULT NULL,
`data` text,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
If I store information in a MySQL table using:
AES_ENCRYPT('secret data', $enckey . $key)
and extract the data out using
AES_DECRYPT(`secret`.`data`, $enckey . $key)
am I doing enough to keep the data stored in the MySQL data column safe? Is there something more/different I should be doing?
UPDATE: Any one given access to the site (anyone with a valid user name/password) would have access to all sensitive data. The goal is to prevent a third party from getting the data if they were able to get to the database somehow.