Protecting content stored in a MySQL database

I am wondering how other people protect information stored in a MySQL database.

I am asking because I would like to implement a sync service in my app, where the user can update information either via their device or the website. The website and app are already built (neither online yet).

MySQL gives you the ability to create multiple users with different access levels. I would create a user specifically dedicated to the sync functions and give it as little permission as possible. Rob has a good tutorial on getting data from MySQL via JSON. You can integrate security into this process.

Will read his tutorial more closely… I was more curious about the data itself; I can’t imagine it is a good thing to have the data human readable… Would encrypting *all* of the information (text) as AES-256 (via OpenSSL in PHP on the server side and using the openssl plugin) be the proper way to harden it more?

I think your idea will work well (OpenSSL etc). The question is how sensitive the data itself is on the mobile device vs your actual backend. If the communication between your device and MySQL is not well secured, then the bigger risk is the compromise of the backend. In a very very sensitive app/data situation I would probably not even let the mobile app talk to the actual MySQL db when sending data back, and would use an intermediary. Then use server code to inspect the data in the intermediary and move it into the main db etc. Good luck. Sounds like you have a fun project.
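
The two suggestions in the replies above (a dedicated sync user with minimal permissions, and an intermediary that server code inspects before data reaches the main db) can be combined in MySQL as follows. This is an added example, not code from the thread; the database `app`, the tables `notes` and `sync_inbox`, the accounts `sync_api` and `sync_worker`, and the passwords are constructed placeholders.

```sql
-- Constructed schema for illustration; adapt names and columns to the real app.
CREATE DATABASE IF NOT EXISTS app;
CREATE TABLE app.notes (
  id         BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  user_id    BIGINT UNSIGNED NOT NULL,
  body       VARBINARY(4096) NOT NULL,  -- holds ciphertext if the app encrypts
  updated_at DATETIME NOT NULL
);
-- Intermediary: the only table the device-facing endpoint can write to.
CREATE TABLE app.sync_inbox (
  id          BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  user_id     BIGINT UNSIGNED NOT NULL,  -- set by server code from the session, not the request
  note_id     BIGINT UNSIGNED NULL,      -- NULL means "create a new note"
  body        VARBINARY(4096) NOT NULL,
  received_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  status      ENUM('pending','processing','accepted','rejected') NOT NULL DEFAULT 'pending'
);

-- Account used by the sync endpoint: append to the inbox, read notes, nothing else.
CREATE USER 'sync_api'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET_1';
GRANT INSERT ON app.sync_inbox TO 'sync_api'@'localhost';
GRANT SELECT ON app.notes      TO 'sync_api'@'localhost';

-- Account used by the server-side job that inspects and moves data.
CREATE USER 'sync_worker'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET_2';
GRANT SELECT, UPDATE         ON app.sync_inbox TO 'sync_worker'@'localhost';
GRANT SELECT, INSERT, UPDATE ON app.notes      TO 'sync_worker'@'localhost';

-- Worker batch, run as sync_worker. Claim rows first so late arrivals wait for the next run.
START TRANSACTION;
UPDATE app.sync_inbox SET status = 'processing' WHERE status = 'pending';
-- Inspection: reject edits to notes that do not exist or belong to another user.
UPDATE app.sync_inbox i LEFT JOIN app.notes n ON n.id = i.note_id
SET i.status = 'rejected'
WHERE i.status = 'processing' AND i.note_id IS NOT NULL
  AND (n.id IS NULL OR n.user_id <> i.user_id);
-- Apply surviving edits to existing notes.
UPDATE app.notes n JOIN app.sync_inbox i ON i.note_id = n.id AND i.user_id = n.user_id
SET n.body = i.body, n.updated_at = i.received_at
WHERE i.status = 'processing';
-- Create notes for rows with no target id.
INSERT INTO app.notes (user_id, body, updated_at)
SELECT user_id, body, received_at FROM app.sync_inbox
WHERE status = 'processing' AND note_id IS NULL;
UPDATE app.sync_inbox SET status = 'accepted' WHERE status = 'processing';
COMMIT;
```

With these grants, a leaked `sync_api` credential can read `notes` and append rows to `sync_inbox`, but cannot change or delete anything in the main table.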