I have heard that it is not recommended to store vulnerable data (e.g. credit card info) in MySQL. If I do, however, have to do that, will I be minimizing the risk of jeopardizing that data by moving from vitrual hosting to a dedicated server? Or maybe to a dedicated server with a firewall?

Originally posted by sprogis
I have heard that it is not recommended to store vulnerable data (e.g. credit card info) in MySQL. If I do, however, have to do that, will I be minimizing the risk of jeopardizing that data by moving from vitrual hosting to a dedicated server? Or maybe to a dedicated server with a firewall?

A dedicated server nor a firewall will change the fact that your information is stored in plain-text. Look into encrypting the data, then you won't have a need for either the server or firewall :)

Thanks. Speaking of encryption. Is DES method considered a good encryption or will I still be at a high risk?

Originally posted by sprogis
Thanks. Speaking of encryption. Is DES method considered a good encryption or will I still be at a high risk?

Regular DES is, but 3DES isn't a high risk.

Encryption strength is all about the no. of bits used. To give an analagy, 48 bit encryption would be something like a drop in the ocean compared to 128bit.

Several points here:

If you can deploy a firewall - you should. It reduces your exposure/risk to only certain attacks (attacks related to the open ports on the firewall).

DES has been official depreciated, because of its weeknesses. It has been replaced by AES - but most vendors probably don't have an AES implementation out yet.

If you are going to store credit card (or any personal data for that matter), I would recomend separating your web site and your MySQL server onto different physical server (perhaps keeping your website on a shared/virtual server, and then using the dedicated server to handle the MySQL database.) The reason is that it allows you to increase your security. If somebody breaks into your website, they do not immediately get access to your MySQL database.

Some lessons about encryption for you guys.

The point to remember is that no encryption algorythm is unbreakable.

You need to chose an algorythm which is *secure enough* for the data you want to protect. But if there is someone interested in the data, that someone will take the time necessary to break the encryption to gain access to the data.

DES, a popular and very secure encryption algorythm, remained unbroken for 10 years... until the US government put 1M$ to build a machine fast enough to break into any DES encrypted data in about 10 hours. I guess the data was worth that amount.

No one will play 2 weeks attempting to break your system to gain a list of 50 e-mail addresses. But if they know you have some credit card numbers in there, they will sure play 2 weeks or more to break your MySQL server and break your encryption. There are many thousand dollars gift available there.

Most data can securely be stored into a MySQL database. For more sensitive data (such as passwords, if those are important passwords) you may want to use some encryption (MySQL provides some encryption algorythms, PHP provides some more, your favorite language probably provides some too, and there are plenty of encryption packages available out there, either for free or for a fee). But for very sensitive data (such as credit card information) you will probably want to store them outside the web (in a location not accessible from the Internet, so probably on another machine, on another network). Well, eventhough you store your credit card information on a computer at your house, there is still the possibility that a burglar stells the computer, finds a hacker to break the encryption, and someone else to use the numbers and get some money, but you need to decide what is a reasonnable risk and decide how much you are going to pay to get a decent security method.

If you are going to store my credit card information in a database which is accessible from the Internet, even in encrypted form, I am not going to do business with you.

Tom: I guess it is also probably that a meteorite strikes his house, causing US govt to think that it is a nuclear strike and wipes out the whole world with it's arsenel, and that normal hackers have access to million dollar machines :D Don't mind me.... but I was just saying that as you pointed out, all encryption methods can be broken.... but with what time? try bruteforcing a 512bit encryption with your pc :D US govt obviously have the money to play with since they are probably using it to steal other countries secrets. But not your normal hackers. And that's all that matters. That said, it is true that relying on encryption alone is not enough.

Building on Timelord post, what you can do to make it more secure is that your mysql database is accessible only from LAN, and only from the local ip of your webserver. At the same time, if you are just going to take orders, you can also make it one way (allowing only inbound traffic and not outbound). However when it comes to security measures, it is the same as the hackers... do something reasonable and secure 99% of the time. You can never guard against the 1% without going into astronomical costs.