Post by milansprlak » Wed Jun 28, 2017 2:16 pm

Hi, i have opencart 2.3.0.2.
Due to the new EU legislation (GDPR), I would like to encrypt user data (name, surname, email, phone, adress) into my MySQL database. How can I safely encrypt this data? Thanks for the ideas.

Newbie

Posts

Joined
Fri Feb 24, 2017 5:46 pm

Post by uksitebuilder » Wed Jun 28, 2017 3:02 pm

Hi

There is no requirement to encrypt the data of your customers.

It would be quite a big job to add the two way encryption needed to OpenCart so that customer data can be retrieved by the customer and by yourself for future processing etc.

For anyone else interested, the following article covers the upcoming legislation, and what needs to be in place for May 2018

https://www.superoffice.com/blog/gdpr/

User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by IP_CAM » Wed Jun 28, 2017 4:53 pm

this may suit your needs, I just found it yesterday in the Extension Section.
Ernie

Database Table Data Encryption
Secure your sensitive information!
This Module will encrypt your settings table, this will prevent any further damage
when someone manages to get access to your tables (like sql injection or obtaining login data).
The settings table can contain lots of sensitive data like:
- backend settings
- ftp username password
- smtp username password
- paypal username password
- Other payment provider details
- Api credentials etc..
https://www.opencart.com/index.php?rout ... n_id=28739
---
Image

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by milansprlak » Wed Jun 28, 2017 6:24 pm

Thank you.
IP_CAM: Does this module (Database Table Data Encryption) enable to encrypt user data (name, surname, email, phone, adress) ?

Newbie

Posts

Joined
Fri Feb 24, 2017 5:46 pm

Post by IP_CAM » Wed Jun 28, 2017 6:33 pm

well, you better ask the Extension Supplier about such, I have no idea ! :D
I could not use it anyway, as it comes, beeing a veteran, I still use a veteran OC-Version.
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by uksitebuilder » Wed Jun 28, 2017 8:57 pm

That extension only encrypts the settings tab

You could ask the developer if they would make modifications to do the same for customers, orders, addresses, etc

User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by JohnR1984 » Wed Oct 18, 2017 6:26 am

Yeah but colum level encryption with AES encryption is easy too add. ;)
Was kinda surprised that some parts of database is not encrypted by default like customer, settings, address etc..

Newbie

Posts

Joined
Wed Oct 18, 2017 6:07 am

Post by IP_CAM » Thu Oct 19, 2017 4:18 am

Well, if it is as easy as you claim, go ahead, and earn good money, by creating
an extension, to work with the mostly used OC-Versions. And if you sell 500 of
them for 20 Bucks each, Daniel will like you very much! :laugh:
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by JohnR1984 » Fri Oct 20, 2017 5:26 am

Haha would be more like sell 2 copies then it would pirated for free. Nah I will focus on writing code for my own web shop.

Newbie

Posts

Joined
Wed Oct 18, 2017 6:07 am

Post by IP_CAM » Fri Oct 20, 2017 6:59 am

Well, that would be a good reason, to just make a FOO out of you here,
then, one does not take the risk, to donate any knowledge, aware of the
fact, that nothing will ever be returned anyway.
Good Luck!
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by JohnR1984 » Sun Oct 22, 2017 6:56 am

I tell ya what I might post DB encryption code later it's nothing special anyways. :)

Newbie

Posts

Joined
Wed Oct 18, 2017 6:07 am

Post by JohnR1984 » Fri Nov 03, 2017 1:13 am

Time to work on the ux and more functions.

Image

Newbie

Posts

Joined
Wed Oct 18, 2017 6:07 am

Post by willows » Sat Jan 20, 2018 1:59 am

We have developed a GDPR addon that looks after Personal Information Requests automatically and logs these for inspection later.
See here for the addon we developed for all versions from 1.5 up to 3
https://www.opencart.com/index.php?rout ... earch=gdpr
Image

Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.
Opencart Developers Ireland
Image


User avatar
New member

Posts

Joined
Sun Mar 17, 2013 5:19 am
Location - Dublin Ireland

Post by MrPhil » Sat Jan 20, 2018 6:11 am

  1. It would seem to me that encrypting your customer data in the database is probably useless. If a hacker has access to read your database contents, they most likely have access to read your PHP code too, and from there they know your encryption method and key(s). What have you gained in the way of security?
  2. What is the point of allowing a customer to retrieve their data? First you have to make sure that an imposter isn't posing as them to gather personal data (say, someone who has stolen their account ID and password). You can just tell them which data you're keeping on file, and they'll know (if they've placed an order) what you have. What's the point of this exercise?
Are EU bureaucrats simply idiots, if they're requiring either of these?

User avatar
Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm
Who is online

Users browsing this forum: No registered users and 171 guests