Due to the new EU legislation (GDPR), I would like to encrypt user data (name, surname, email, phone, adress) into my MySQL database. How can I safely encrypt this data? Thanks for the ideas.
There is no requirement to encrypt the data of your customers.
It would be quite a big job to add the two way encryption needed to OpenCart so that customer data can be retrieved by the customer and by yourself for future processing etc.
For anyone else interested, the following article covers the upcoming legislation, and what needs to be in place for May 2018
https://www.superoffice.com/blog/gdpr/
Ernie
Database Table Data Encryption
Secure your sensitive information!
This Module will encrypt your settings table, this will prevent any further damage
when someone manages to get access to your tables (like sql injection or obtaining login data).
The settings table can contain lots of sensitive data like:
- backend settings
- ftp username password
- smtp username password
- paypal username password
- Other payment provider details
- Api credentials etc..
https://www.opencart.com/index.php?rout ... n_id=28739
---
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
IP_CAM: Does this module (Database Table Data Encryption) enable to encrypt user data (name, surname, email, phone, adress) ?
I could not use it anyway, as it comes, beeing a veteran, I still use a veteran OC-Version.
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
You could ask the developer if they would make modifications to do the same for customers, orders, addresses, etc
an extension, to work with the mostly used OC-Versions. And if you sell 500 of
them for 20 Bucks each, Daniel will like you very much!
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
then, one does not take the risk, to donate any knowledge, aware of the
fact, that nothing will ever be returned anyway.
Good Luck!
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
See here for the addon we developed for all versions from 1.5 up to 3
https://www.opencart.com/index.php?rout ... earch=gdpr
Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.
Opencart Developers Ireland
- It would seem to me that encrypting your customer data in the database is probably useless. If a hacker has access to read your database contents, they most likely have access to read your PHP code too, and from there they know your encryption method and key(s). What have you gained in the way of security?
- What is the point of allowing a customer to retrieve their data? First you have to make sure that an imposter isn't posing as them to gather personal data (say, someone who has stolen their account ID and password). You can just tell them which data you're keeping on file, and they'll know (if they've placed an order) what you have. What's the point of this exercise?
Users browsing this forum: Bing [Bot] and 71 guests