I am writing a web application (in PHP) at the moment that holds sensitive information about users on it, but in order to comply with the DPA, I want it to be fully encrypted as its running on a shared server. This information is then provided to specific users who have been identified outside.
And although I am confident of securing the way the data is distributed, and mostly confident of the server company, i just want reassurance.
I was wondering if anyone had any ideas of how to encrypt the data that is stored with a key that is also secure. I know it could be obfuscated, or masked in someway, but that could be used. Yes, its probably a bit overkill, but I need to be certain of it.
don't store the key in the system. store the key outside the system (piece of paper, some other system, etc.) supply the key to the system when you initialize it and have the system keep it in memory the whole time.