Admidio / admidio

Admidio is a free open source user management system for websites of organizations and groups. The system has a flexible role model so that it’s possible to reflect the structure and permissions of your organization.
https://www.admidio.org
GNU General Public License v2.0

Encryption of sensible data #230

Open ximex opened 8 years ago

ximex commented 8 years ago

http://fluuux.de/2014/10/wie-man-sensible-daten-einer-datenbank-speichert-aes_encrypt/

MySQL: https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-decrypt

PostgreSQL: http://www.postgresql.org/docs/current/static/pgcrypto.html (F.25.4. Raw Encryption Functions)

ximex commented 8 years ago

I saw we store the SMTP password in cleartext. We really should implement this. The master key for the en/decryption should get defined in config.php with a secure-random generated string.

ximex commented 8 years ago

This should be the right PHP lib: https://github.com/defuse/php-encryption

Requires PHP 5.4+
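
A sketch of what the comments above propose, added here as an example and not taken from the thread or from Admidio's code. It assumes defuse/php-encryption v2 installed through Composer; the function names and the way the key string is passed in from config.php are hypothetical.

```php
<?php
// Added example, not Admidio code. Assumes defuse/php-encryption v2 via Composer.
require __DIR__ . '/vendor/autoload.php';

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;

// One-time setup: create the master key and store the returned string in config.php.
// The key comes from the OS CSPRNG; it is not derived from a password.
function generateMasterKeyString()
{
    return Key::createNewRandomKey()->saveToAsciiSafeString();
}

// Hypothetical helper: $masterKeyString is the value kept in config.php.
// A malformed key string throws BadFormatException, so misconfiguration is loud.
function encryptSetting($plaintext, $masterKeyString)
{
    $key = Key::loadFromAsciiSafeString($masterKeyString);
    // Authenticated encryption; the result is hex text that fits a text column.
    return Crypto::encrypt($plaintext, $key);
}

// Returns the plaintext, or null when the stored value was modified
// or was encrypted under a different key (fail closed, never use garbage).
function decryptSetting($ciphertext, $masterKeyString)
{
    $key = Key::loadFromAsciiSafeString($masterKeyString);
    try {
        return Crypto::decrypt($ciphertext, $key);
    } catch (WrongKeyOrModifiedCiphertextException $e) {
        return null;
    }
}

// Constructed demo values, not real credentials.
$masterKey = generateMasterKeyString();
$stored    = encryptSetting('smtp-password-example', $masterKey);

// Round trip with the right key.
var_dump(decryptSetting($stored, $masterKey) === 'smtp-password-example');

// Change the last hex digit of the stored value: the integrity check rejects it.
$last     = substr($stored, -1);
$tampered = substr($stored, 0, -1) . ($last === '0' ? '1' : '0');
var_dump(decryptSetting($tampered, $masterKey));

// A different master key cannot read the value either.
var_dump(decryptSetting($stored, generateMasterKeyString()));
```

Because the key sits in config.php and the ciphertext in the database, this protects the SMTP password against a database-only leak (SQL dump, backup), not against an attacker who can read both.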

ximex commented 7 years ago

https://paragonie.com/blog/2016/10/do-it-yourself-hand-crafted-boutique-artisinal-cryptosystems#searchable-encrypted-databases