Best Practices (1) Encryption
Hello,
I am extremely, extremely grateful to you. I see a definite and positive way ahead, and things are coming together.
Two matters on which I would appreciate your input, will understand if you ignore for lack of time, knowledge.
Firstly, I think I should be using encryption on vital fields.
Is there a preferred method of encryption? I know there are various hashes, MD5, and the like. But I don't know the differences.
Is there one you would recommend me to use?
And secondly, I need to be able to read at least some of the sensitive data I will be collecting.
So it's all very well to encrypt, say, a password field that presumably then becomes unreadable in the database.
But I also need to gather such things as Social Security Numbers, and Bank Account Numbers (so I can pay people).
Am I correct in thinking that if these are encrypted, then I can't read them? Or is there some form of key that is applied on data entry, and that can be reapplied on data read, and that is somehow automatically applied?
I know I can't make myself 100% hack-proof (the Red Cross just got breached). But are there measures I can take as regards databases, PHP scripts, and storage that I should engage in, and that other customers of yours use? Or is there, instead, some off-site professional company whose services I can hire to store such info for me for the six or so months I need until my Event is completed?
I do not know who else to ask, and hope you don't mind me benefitting from your experience.
Thank you,
KAB
(Second associated question in a moment)