CRM icon indicating copy to clipboard operation
CRM copied to clipboard

Published 20 hours ago verified publisher icon ChurchCRM

Encrypt data at rest

Open crossan007 opened this issue 9 years ago • 4 comments

Data at rest in MySQL db is not encrypted. Many people are running CRM on shared hosting, and would benefit from encrypted SQL columns.

http://stackoverflow.com/questions/1320682/how-to-encrypt-database-in-symfony

crossan007 avatar Jul 04 '16 22:07 crossan007

In the post-GPDR world, this deserves a bump and review.

MrClever avatar Mar 12 '20 01:03 MrClever

I'm curious; what data fields would be eligible for at-rest encryption? What's standard / suggested?

We've recently gained the capability for "secret storage" of TOTP/2FA tokens in the database, but I doubt this approach applies to "general" data storage.

crossan007 avatar Mar 12 '20 01:03 crossan007

Anything that personally identifies someone needs to be secured in transit and at rest is the basic rule of thumb. So name, address, phone numbers, bank account details etc. Given most of our tables use a person's per_ID (from person_per table) and not their "actual" name individual tables aren't necessarily the problem so much as someone getting hold of a full DB dump (my backups are encrypted which is a supported feature, but the live data isn't).

The person_per and family_fam tables have the bulk of personally identifiable information although the note_nte could be used nefariously too due to the completely abstract information that can be stored there. Not sure about the finance, event or Sunday school features because we don't use those on our production system, so they're all empty.

To summarise:

Obvious encrypted table candidates

  • person_per
  • family_fam
  • note_nte

Less obvious

  • Finance/deposit tables
  • Sunday school stuff?

MrClever avatar Mar 12 '20 02:03 MrClever