Encrypt sensitive values in the database

Open crossan007 opened this issue 4 years ago • 0 comments

With #5029, there is now a mechanism for encrypting data-at-rest in the ChurchCRM database.

As of #5029, only the TOTP secret keys are stored in an encrypted manner, but there are other fields that should be encrypted:

  • sSMTPPass
  • sGoogleMapKey
  • sBingMapKey
  • sISTpassword
  • sExternalBackupPassword
  • sMailChimpApiKey
  • sGoogleTrackingID
  • sNexmoAPIKey
  • sNexmoAPISecret
  • sOLPPassword

To be clear, the benefit from encrypting these values in the database is primarily against "database dump attacks" where a malicious actor has access to the database (or a backup file), but does not have access to the application code.

Since the encryption key is stored in the application config file (this is necessary so that the running application may decrypt the values for use), an attacker with access to both the config file and the database will be able to obtain the secret values.

crossan007 · Nov 10 '19 23:11
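The following sketch is an added example, not part of the issue and not the mechanism introduced in #5029: it shows the threat model described above using PHP's bundled sodium extension (PHP 7.2+), where a database dump holds only ciphertext and the key from the application config file is what turns it back into plaintext. The function names, the `enc:v1:` prefix, and the sample values are assumptions made for illustration; only the field names come from the list above.

```php
<?php
declare(strict_types=1);
// Added illustration, not ChurchCRM code. Function names and the prefix are hypothetical.

const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const PREFIX = 'enc:v1:';

// Encrypt one config value. The field name is passed as associated data, so a
// ciphertext copied into a different row fails authentication on read.
function sealConfigValue(string $name, string $plain, string $key): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh random nonce per write
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, $name, $nonce, $key);
    return PREFIX . base64_encode($nonce . $ct);
}

// Decrypt one stored value, refusing anything malformed or unauthenticated.
function openConfigValue(string $name, string $stored, string $key): string
{
    if (strncmp($stored, PREFIX, strlen(PREFIX)) !== 0) {
        throw new RuntimeException("$name is not stored encrypted");
    }
    $raw = base64_decode(substr($stored, strlen(PREFIX)), true);
    if ($raw === false || strlen($raw) <= NONCE_LEN) {
        throw new RuntimeException("$name is malformed");
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), $name, substr($raw, 0, NONCE_LEN), $key);
    if ($plain === false) {
        throw new RuntimeException("$name failed authentication");
    }
    return $plain;
}

function describeOpen(string $name, string $stored, string $key): string
{
    try {
        return 'plaintext recovered: ' . openConfigValue($name, $stored, $key);
    } catch (RuntimeException $e) {
        return 'refused: ' . $e->getMessage();
    }
}

// Constructed stand-ins: $configKey plays the key kept in the application config
// file, $dbDump plays the rows an attacker would find in a database backup.
$configKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$dbDump = [];
foreach (['sSMTPPass' => 'constructed-smtp-pass', 'sNexmoAPISecret' => 'constructed-api-secret'] as $name => $value) {
    $dbDump[$name] = sealConfigValue($name, $value, $configKey);
}
$otherKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
echo 'dump only:         ', describeOpen('sSMTPPass', $dbDump['sSMTPPass'], $otherKey), "\n";
echo 'dump + config key: ', describeOpen('sSMTPPass', $dbDump['sSMTPPass'], $configKey), "\n";
echo 'row swapped:       ', describeOpen('sSMTPPass', $dbDump['sNexmoAPISecret'], $configKey), "\n";
```

Existing plaintext rows would need a one-time migration through `sealConfigValue` before reads are switched to `openConfigValue`, since the read path here deliberately rejects values without the prefix.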