Open crossan007 opened 8 years ago
In the post-GPDR world, this deserves a bump and review.
I'm curious; what data fields would be eligible for at-rest encryption? What's standard / suggested?
We've recently gained the capability for "secret storage" of TOTP/2FA tokens in the database, but I doubt this approach applies to "general" data storage.
Anything that personally identifies someone needs to be secured in transit and at rest is the basic rule of thumb. So name, address, phone numbers, bank account details etc. Given most of our tables use a person's per_ID
(from person_per
table) and not their "actual" name individual tables aren't necessarily the problem so much as someone getting hold of a full DB dump (my backups are encrypted which is a supported feature, but the live data isn't).
The person_per
and family_fam
tables have the bulk of personally identifiable information although the note_nte
could be used nefariously too due to the completely abstract information that can be stored there. Not sure about the finance, event or Sunday school features because we don't use those on our production system, so they're all empty.
Obvious encrypted table candidates
person_per
family_fam
note_nte
Less obvious
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
Data at rest in MySQL db is not encrypted. Many people are running CRM on shared hosting, and would benefit from encrypted SQL columns.
http://stackoverflow.com/questions/1320682/how-to-encrypt-database-in-symfony