Message of the day:
Welcome to Silverstripe | Current release: https://www.silverstripe.org/download | Community Forum: https://forum.silverstripe.org | Feature requests: https://forum.silverstripe.org/c/feature-ideas
If you have any SilverStripe related questions, please supply the version of Framework you're using.
Did you flush? 🚽 =
The first line in security right there ^
as a stopgap, you can encrypt that information before inserting it into the database using public key crypto.
paragonie/halite does all the hard stuff for you: encrypt with the public key, save the ciphertext in the database, and decrypt with the private key somewhere else. It's a big admin hassle, but then, so is dealing with personally identifying info. If you don't need it, don't collect it 😄
Yeah, there's a couple of approaches. The database itself would be accessible over SSL and encrypted on disk. That should be an option to find if you want to do it properly, but SSL support for MySQL has been broken in SilverStripe for a while: https://github.com/silverstripe/silverstripe-framework/issues/8871
According to the docs https://docs.silverstripe.org/en/4/getting_started/installation/how_to/mysql_ssl_support/ https://docs.silverstripe.org/en/4/getting_started/environment_management/ the path o...Hide attachment content
@null Will have some suggestions around this too, using Halite
And depending on your host, you could also enable an encrypted F/S for the env within which the DB runs.
You can always encrypt the data on a field by field basis? I've just done this myself.
@theruss cheers thats great, this is probably beyond my developer skills but something i can pass on to the developers.
The reason for my initial question, is the data collected needs to be stored in a secure environment, just incase the potential site were to be breached.
OOTB, that will be restricted to only RBMS' supported by SilverStripe, but I see no reason, why using the underlying principles, you couldn't attempt to send the data to Mongo or something else.