Hi there,

I have managed to get my dataobject to store its data encrypted and i can then decrypt it http://www.silverstripe.org/general-questions/show/15158?start=8#post333985

My question is how and where should i store the encryption keys, please note my knowledge is limited here. The basic requirement is to encrypt some information about people, and i need a way of securing that info on the mysql server and then for it to be able to be decrypted and edited by any user that logs into the system.

Any help or pointers much appreciated.

Regards

Mick

It depends on the level of security you want but storing them as constants in your environment file would be alright if you have a single key you use for every record. You probably want to keep this in the code rather than MySQL for a start. If security is #1 you could store the value in a file away from the web root and file_get_contents() the path of the key on the server. That keeps it out of version control as well.

Cheers for responding Will,

I'm having trouble getting either option to work. Never used the _ss_environment.php file, i like the idea of the file_get_contents() but even though i put the file in the same directory (just for testing) and it can see the file i don't get any data, also would i then declare this as a global variable/function?

public function please() {
			$thekey = file_get_contents("../mysite/conf.txt");
			return $thekey;
	}

sorry if im being a plum.

mick

Try to avoid relative paths in SilverStripe as it's ambiguous. You also want to store the file outside of the web root. So something like

file_get_contents(dirname(BASE_PATH) . "/conf.txt");

will load conf.txt in the folder above the webroot.