What data should be kept encrypted?

@

@Twitt2019-12-17 12:32:03

Information Security

@Twitt, 2019-12-17 12:32:03

If I want to store user details in a database, such as their full address, should it be stored encrypted? For example, I know that a password hash is usually stored (I understand that hashing != encryption), about other data, I mostly saw that they are stored in clear text. Or is it still necessary to store some data such as an address encrypted?
I just understand that if someone hacks the database, it will be very easy to get data about users, if I didn’t encrypt it

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vladimir Korotenko, 2019-12-17
@firedragon

I will express an unpopular point of view.
If someone fucked your database, then you are covering a known part of the body.
Make 3 calls Display
level
Business logic
Database access level
Everything that comes from above should be logged and passed through a sieve of checks. Only the error identifier unique for each case is given up. And in the database, store at least open passwords, according to normal, this information should not rise above the first level.

P

paran0id, 2019-12-17
@paran0id

If you are seriously working with personal data of citizens of the Russian Federation, take a look at 152FZ. Everything is strict there, even the requirements for hosting.