Hi all,
 
I just wanted to start a discussion about what you think of how email addresses are stored in the database.
Each day websites are hacked, and most of the time you read that x amount of email addresses have been hijacked from the database.
 
You can check here if your mail address has been hijacked in the past: https://haveibeenpwned.com/
 
Now I'm very convinced that mooSocial is very secure. On a daily basis I'm updating my infrastructure and monitoring my site using different tools, and all of them tell me that my site is secure, which is great!
 
BUT,
 
because websites are not 100% secure, it is possible that your site gets hacked. If a hacker has access to your database, they currently have access to all your users' email addresses (because they are stored as plain text in the database).
 
Therefore my suggestion: why not store the mail addresses encrypted in the database, using a salted hash for decryption (as it currently does for password storage)? Then create a PHP decryption function in case mails need to be sent.
 
If possible of course, once implemented.. this would be a killer function.
 
I'd like to hear your thoughts about this.
 
Have a good weekend!
Comments (3)
Craig  
This is a really good idea.
Mark  
It works if the hacker only hacked the database. If he can also access the source code, he can decrypt to get all emails.
ketkew  
I know... but I think nowadays each step of security should be considered. If a hacker successfully injects SQL only, then the mail addresses are still safe at least.
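
The idea discussed in this thread, as an added example that is not part of the original posts and is not mooSocial code: email addresses are stored with authenticated encryption (libsodium secretbox, swapped in here for the "salted hash" wording, since a hash cannot be reversed), and a keyed HMAC index is stored next to them so lookups still work. The function names, column names and key handling are assumptions; the keys are assumed to live in configuration outside the database, which covers the SQL-injection-only case but not an attacker who can also read the code and its configuration.

```php
<?php
// Added example: helper and column names are hypothetical, not mooSocial's own code.
// The keys must be kept outside the database (config file or environment),
// so that reading the tables alone yields ciphertext without the key.

function normalize_email(string $email): string {
    return strtolower(trim($email));
}

// Encrypt for storage: random nonce || authenticated ciphertext, base64 for a text column.
function encrypt_email(string $email, string $encKey): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($email, $nonce, $encKey));
}

// Decrypt when a mail has to be sent; throws on a tampered row or a wrong key.
function decrypt_email(string $stored, string $encKey): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($body, $nonce, $encKey);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Keyed lookup value ("blind index"): login and duplicate checks compare this
// column instead of decrypting every row. Uses a second, separate key.
function email_index(string $email, string $indexKey): string {
    return hash_hmac('sha256', normalize_email($email), $indexKey);
}

// Constructed demo values; in production both keys are loaded from configuration.
$encKey   = sodium_crypto_secretbox_keygen();
$indexKey = random_bytes(32);

$row = [
    'email_enc' => encrypt_email('Alice@example.com', $encKey),
    'email_idx' => email_index('Alice@example.com', $indexKey),
];

// Look the user up by index, then decrypt only the matching row.
$match = hash_equals($row['email_idx'], email_index(' alice@example.com ', $indexKey));
var_dump($match);
echo decrypt_email($row['email_enc'], $encKey), PHP_EOL;
```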