CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Feature Requests and Suggestions (Moderator: Dave Greenberg) »
  • Civicrm database encryption Feature
Pages: [1]

Author Topic: Civicrm database encryption Feature  (Read 1232 times)

sriz786

  • I post occasionally
  • **
  • Posts: 35
  • Karma: 0
Civicrm database encryption Feature
September 09, 2012, 04:11:04 pm
Hello dear friends,

Have you considered/discussed and have a Encryption capability/feature (roadmap) for Civicrm database encryption as well as SSL based member and events registration?

Due to security concerns over the internet, I think it would be most sensibe to provide encryption capabilities within Civicrm.

Kind regards,

Rizwan
Rizwan

mathieu

  • Administrator
  • Ask me questions
  • *****
  • Posts: 620
  • Karma: 36
    • Work
  • CiviCRM version: 4.7
  • CMS version: Drupal
  • MySQL version: MariaDB 10
  • PHP version: 7
Re: Civicrm database encryption Feature
September 09, 2012, 05:45:32 pm
Hi,

I think you bring up an important issue. And security issues need to be looked at in a greater context. To loosely quote Bruce Schneier:
* Security is a trade off (if you make it too complicated, no one will use it and they consequences will likely be worse)
* Your system is as secure as its weakest link.

Two other things to keep in mind:
* It's also important to define what you are trying to protect from.
* Keep only the data you really need. In case of an incident, this will minimize the consequences.

This said, regarding database encryption, I would recommend:
- To encrypt the disk of the server (using, for example, LUKS under Linux) - if you do that, you need to make sure someone else in your organisation knows the passphrase and how to reboot the server, in case you are unavailable. Encrypting the disk mostly protects you in case someone physically steals or confiscates your server.
- To encrypt the backups (either encrypt the backup server main disk, or use a tool such as Duplicity). The security of backups is often neglected, and probably more than servers themselves, they are prone to theft or unauthorized access.

This doesn't protect a live server, where an attacker could ssh into the server and copy the data. You have to rely on applying the security upgrades quickly (to the OS and CiviCRM/CMS, reducing the number of services running, reduce the number of users who can access, audit logs, etc. The above are sysadmin good practices, and transparent to users.

Implementing encryption in the database layer of the software would be impractical for users, since some functions such as search would not work at all (or be painfully slow). Also, in those cases, you need to store the key somewhere. Most applications I've seen do that (usually to encrypt credit card data) usually do so by creating a key that is stored on the filesystem and readable by the webserver. This really isn't much of a security.

About SSL security: if I recall correctly, there is an option in CiviCRM to force SSL on important pages. It should include event registration (if not, I'd consider it a bug). You can also just force your site to be always-SSL.

Do you have experience with other web applications that implemented other types of encryption / security measures?

Mathieu (bgm)
CiviCamp Montréal, 29 septembre 2017 | Co-founder / consultant / turn-key CiviCRM hosting for Quebec/Canada @ SymbioTIC.coop

sriz786

  • I post occasionally
  • **
  • Posts: 35
  • Karma: 0
Re: Civicrm database encryption Feature
September 09, 2012, 07:35:48 pm
So for instance if we use Mcrypt (http://www.php.net/manual/en/ref.mcrypt.php)
Would it help encrypted PHP coding without breaking the code, functionality and search capabilities,

Few open source EHR (Electronic Health Record) incuding PHP Mcrypt to protect member patient data.

Civicrm key focus is membership data.

Just a thought. Riz
Rizwan
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Discussion (deprecated) »
  • Feature Requests and Suggestions (Moderator: Dave Greenberg) »
  • Civicrm database encryption Feature

This forum was archived on 2017-11-26.