Storage of confidential data with Drupal

Question

Storage of confidential data with Drupal

I need to use sensitive data with Drupal to use a custom module. If I just installed them through the graphical interface , they will be saved in unencrypted form in the database. Anyone with access to it will have access to my sensitive data.

At the moment, I see two solutions:

Find a way to safely store these credentials in the database;
Put this sensitive data in the credentials_inc.php file, include it in settings.php to set the variables that my user module can use, and make sure that no one else can read the file.

Which solution is best in your opinion? What do you recommend? Is there any other better option?

Sincerely.

+5

drupal encryption sensitive-data

Korchkidu Apr 29 '11 at 16:41

source share

3 answers

API, , mcrypt ( ).

+6

Matt V. 29 . '11 17:23

- Drupal. ( Drupal - , Welcome).

Along with Encrypt, you will also need an additional module, for example, Connecting to the Townsend security server , which allows you to manage encryption keys outside the Drupal database in the encryption key manager (HSM, Cloud, VMware, etc.). Just remember - if you do not properly manage encryption keys, you encrypt your data incorrectly.

Full disclosure: I work with Townsend Security on the Drupal team.

+1

geetarluke Jun 24 '14 at 19:45

source share

ohmusama · Accepted Answer · 2011-04-29T17:07:34+0000

I would start using SecurePages to make sure that the data entered somewhere along the way was not viewed.

Then, to encrypt the information, try using php mcrypt with a brief example of how encrypt and decrypt .

, drupal db. , , hook_init() , - settings.php. , , .

Storage of confidential data with Drupal

More articles: