问题描述
我已经在使用将密码存储在我的数据库中,这意味着我应该免疫攻击。
I'm already using salted hashing to store passwords in my database, which means that I should be immune to rainbow table attacks.
但我有一个想法:如果有人抓住我的数据库怎么办?它包含用户的电子邮件地址。我不能真的哈希这些,因为我会使用它们发送通知电子邮件等。
I had a thought, though: what if someone does get hold of my database? It contains the users' email addresses. I can't really hash these, because I'll be using them to send notification emails, etc..
我应该加密吗?
推荐答案
Bruce Schneier对这种问题有很好的回应。
Bruce Schneier has a good response to this kind of problem.
在数据库中基本上加密您的电子邮件,以防万一并没有使数据库更安全。为数据库存储的密钥在哪里?这些密钥使用什么文件权限?数据库是否公开公开?为什么?这些帐户有什么样的帐户限制?机器在哪里存储,谁有物理访问这个盒子?远程登录/ ssh访问等等。
Essentially encrypting your emails in the database 'just in case' is not really making the database more secure. Where are the keys stored for the database? What file permissions are used for these keys? Is the database accesable publically? Why? What kind of account restrictions are in place for these accounts? Where is the machine stored, who has physical access to this box? What about remote login/ssh access etc. etc. etc.
所以我想你可以加密电子邮件,如果你想要的,但如果这是安全程度那么系统实际上并没有太多的工作,实际上会使维护数据库的工作更加困难。
So I guess you can encrypt the emails if you want, but if that is the extent of the security of the system then it really isn't doing much, and would actually make the job of maintaining the database harder.
当然这可能是广泛的安全策略的一部分你的系统 - 如果是这样伟大的!
Of course this could be part of an extensive security policy for your system - if so then great!
我不是说这是一个坏主意 - 但是为什么在Deadlocks'R'us的门口有一个锁花费5000美元,当他们可以穿过门外的胶合板?或者通过您打开的窗口进入?或者甚至更糟糕的是,他们找到留在门垫下的钥匙。系统的安全性与最弱的环节一样好。如果他们有root权限,那么他们几乎可以做他们想要的。
I'm not saying that it is a bad idea - But why have a lock on the door from Deadlocks'R'us which cost $5000 when they can cut through the plywood around the door? Or come in through the window which you left open? Or even worse they find the key which was left under the doormat. Security of a system is only as good as the weakest link. If they have root access then they can pretty much do what they want.
表示,即使他们无法理解电子邮件地址,他们仍然可以做很多的伤害(可能是如果他们只有SELECT访问,则减轻)
Steve Morgan makes a good point that even if they cannot understand the email addresses, they can still do a lot of harm (which could be mitigated if they only had SELECT access)
同样重要的是知道您的理由是存储电子邮件地址。我可能已经走过了一个,但我的意思是你真的需要存储一个帐户的电子邮件地址吗?最安全的数据是不存在的数据。
Its also important to know what your reasons are for storing the email address at all. I might have gone a bit overboard with this answer, but my point is do you really need to store an email address for an account? The most secure data is data that doesn't exist.
这篇关于是否值得加密数据库中的电子邮件地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!