Search code examples
mysqldatabase-security

How to secure the email ids stored in the database?

I am storing passwords after bcrypting but user email ids as a plain text(without encrypting), because I want to send newsletters to that email ids regularly. I have got two questions?

  1. How to secure the database so that email ids as the plain text in the database can be secured from hackers?

  2. Is there any way to check the particular database table is only accesed by my web form not from outside?

note:I am new to database.

Solution

  • There's nothing wrong with storing emails in plaintext. Even if accessed they don't allow the attacker to access the accounts (provided the authentication works correctly). There's no reason to encrypt them unless you have some very specific requirements we don't know about.

    If you want to secure your database in general:

    • read the database documentation
    • if you have multiple services / scripts accessing the data, make sure they have separate accounts and have access only to the data they need to access
    • make sure your database backups are at least as secure as the database itself
    • limit the source hosts (possibly when setting up users) for the accounts to only allow connections from your web frontend, or if you're running on the same host maybe you can disable everything apart from loopback (bind the database to 127.0.0.1)
    • ... loads of other things are possible, but start from the basics... you'll find more ideas in the documentation, I'm sure