madmatt / silverstripe-encrypt-at-rest
Enable encryption of data at rest (in database)
- Homepage:
- https://github.com/madmatt/silverstripe-encrypt-at-rest
- Packagist:
- https://packagist.org/packages/madmatt/silverstripe-encrypt-at-rest
- Repository:
- https://github.com/madmatt/silverstripe-encrypt-at-rest
- Authors:
Matt Peel
Readme
# silverstripe-encrypt-at-rest
This module allows data to be encrypted in the database, but be decrypted when extracted from the database, using a
secret key (hopefully) known only by the web server.
Note: This does not provide significant protection except in the case of database compromise. It should be used as
part of a layered security strategy. This is because the key is still available on the web server, so if remote code
execution is achieved by an attacker, they will be able to read both the database and the encryption key, thereby
decrypting the content.
Note: This module is not yet ready for real use, it's currently v0.0.1 material.
Usage
In your DataObject, use EncryptedDBField, to have it encrypted. At this point, everything is stored as text.
Set a key in your _ss_environment file.
define('ENCRYPT_AT_REST_KEY', 'mysupersecretlonghexkeyhere1234567890');
TODO
- Make sure $this->value is always the unencrypted value
- Clean up
- EncryptedEnum needs validation
- Extended testing
- Test if the value is actually encrypted, before trying to decrypt
Module rating breakdown
Module rating system helping users find modules that are well supported. For more on how the rating system works visit Module standards
Score not correct? Let us know there is a problem
Versions
Requires
- defuse/php-encryption: 2.0.x
- silverstripe/framework: ^3.4.5