Forum

Thread tagged as: Question, Discussion, Runway

Database Encryption & Perch

Hi everyone

I have designed and built a website for a solicitor using Runway. With GDPR and given the sensitive nature of some of their contact form enquiries they receive, they are asking about making the database encrypted in order to protect the raw text data within it.

Having never looked into this before myself, has anyone got any experience with encrypting a MySQL database and also how it would work with Runway.

Not sure if it's worth encrypting the whole database or just the form submission fields?

Many thanks

Glen

Glen Piggott

Glen Piggott 0 points

  • 3 years ago
Duncan Revell

Duncan Revell 78 points
Registered Developer

Hi Glen,

I'm not a true expert on this, but I can offer an opinion:

First up, the encryption is at database (or table) level, not row/field level, so you won't just be able to encrypt the form submission fields - that would require changing the Perch source code (obviously, not a good plan).

Secondly, when it comes to database encryption, it's essentially encrypting the data at rest - running queries on the database still produces results in clear text. The advantage to database encryption is that the files on the disk are encrypted - if anyone managed to get those files, they wouldn't be able to just browse the data within.

I think that raises the bigger issue - that you spend your time and effort ensuring that nobody can get onto your server in the first place. With this kind of web application, if someone gains access to your server, they will be able to edit PHP files to write queries, they'll have access to the config file and therefore the database username/password etc etc. Saying that the database is encrypted may tick a box, but the real-world benefit in isolation, isn't actually that great.