Sir your voice is so deep you could have send shiver down the spine if you were narrating a story of the genre horror or mystery-thriller. By the way great video on database encryption. Thanks.
Hey Steve, thanks for this content! About the key for encrypt/decrypt, i have a question... Is it a good idea to create the key from the password itself using a salt value? Or is it better to have a general key for all of the encryptions?
Great video, I was wondering if this can be applied to all tables in my database, but I'm concern about performance issues, do you think is recomended?. Thank you
Only apply the methods as required for best practices. There is definitely a performance penalty. Encrypt or hash things like passwords and credit card info.
A good place to put keys is in Environment variables, which you then read with your server-side scripting language and pass to MySQL via stored procedures or function calls.
@@SteveGriffith-Prof3ssorSt3v3 Hi. i have another question. is there any way to prevent double encryption or double decryption on columns(that returns null). i have been searching a lot but could not find the answer.
Hey Steve, I like this video and think it's pretty helpful. Sorry if I completely missed this but I'm trying to implement what you've done here into a database table that I have (so the data gets encrypted) but it's not working. I'm thinking it has to do with the way I created the columns for hash_pass, compress_pass, and enc_pass. Is there a tutorial somewhere on how to create those? I have them in the correct place, I think it's just that I didn't configure them correctly. My other question is: can I set this up to run whenever new data comes in, so the data gets encrypted then have it run whenever the data is accessed? I'm building a website where people can sign up and use different online tools I've designed. Basically, I'm trying to create a password management tool where a person can store all their important login information for various platforms.
Okay sorry I missed what you said at the beginning - I've now replicated your lesson successfully, but I am still wondering about the second thing that I asked as far as having this code run automatically whenever data is entered or requested by a user.
I would suggest you begin with the Javascript from the Start playlist. Then the HTML and CSS playlists or part of them. Then the JavaScript in the Browser playlist. There are lots of other playlist that you can watch to get more details on a specific topic as you go along.
It's so frustrating to find out that I was doing everything right but my database column was of type varchar and it was not working as expected. Why can't this thing work with varchar data type? I have a huge database with enormous amount of tables and columns changing all will be a nightmare..any idea or suggestions?
The only columns that need to change are the ones that need to be encrypted. If you are encrypting every text value in your database then I would suggest rethinking why you need to do that.
@@SteveGriffith-Prof3ssorSt3v3 Not all columns, just the once with the credentials..still I mean if I use external library like crypto I have the liberty to use varchar but if I use "built-in" functionality then I need to change the data type... that's kind of annoying don't you think?
@@siddharthtiwari5314 Not really. It's the type of thing that you general set when you design the database originally. If you are migrating a database to a newer version and changing datatypes on columns then you should write a script that will do all that work. This way you can manage the update process (backups, transactions, error handling, etc).
Sir your voice is so deep you could have send shiver down the spine if you were narrating a story of the genre horror or mystery-thriller.
By the way great video on database encryption. Thanks.
Hey Steve, thanks for this content! About the key for encrypt/decrypt, i have a question...
Is it a good idea to create the key from the password itself using a salt value? Or is it better to have a general key for all of the encryptions?
The key should be created separately and not be related to any other data.
@@SteveGriffith-Prof3ssorSt3v3 Thank you :)
Great video, I was wondering if this can be applied to all tables in my database, but I'm concern about performance issues, do you think is recomended?. Thank you
Only apply the methods as required for best practices. There is definitely a performance penalty. Encrypt or hash things like passwords and credit card info.
can you please talk about the ways of protecting the key where should i put it?
A good place to put keys is in Environment variables, which you then read with your server-side scripting language and pass to MySQL via stored procedures or function calls.
@@SteveGriffith-Prof3ssorSt3v3 Hi. i have another question.
is there any way to prevent double encryption or double decryption on columns(that returns null). i have been searching a lot but could not find the answer.
@@samnaghavi9775 that is up to the developer to write the correct query. Only update the fields you need updated.
Hi Steve, wouldn't it be smarter to save the `hash_pass` as a char instead of a varchar? Because you know it will always be 128 chars long.
Absolutely.
Hey Steve, I like this video and think it's pretty helpful. Sorry if I completely missed this but I'm trying to implement what you've done here into a database table that I have (so the data gets encrypted) but it's not working. I'm thinking it has to do with the way I created the columns for hash_pass, compress_pass, and enc_pass. Is there a tutorial somewhere on how to create those? I have them in the correct place, I think it's just that I didn't configure them correctly. My other question is: can I set this up to run whenever new data comes in, so the data gets encrypted then have it run whenever the data is accessed? I'm building a website where people can sign up and use different online tools I've designed. Basically, I'm trying to create a password management tool where a person can store all their important login information for various platforms.
Okay sorry I missed what you said at the beginning - I've now replicated your lesson successfully, but I am still wondering about the second thing that I asked as far as having this code run automatically whenever data is entered or requested by a user.
You can use triggers - ua-cam.com/video/gy6LY0Xy2zU/v-deo.html - to run queries when the user adds, edits, or deletes data.
@@SteveGriffith-Prof3ssorSt3v3 Thanks! I'll take a look at that. Your content is awesome
hey steve , is it fine that the key should stay in database
is database a safe place for the key
It can stay in the database. A better place would be in an environmental variable.
HEY, Steve... I want to learn front-end development .how to follow your channel, please suggest me ..step by step video series...thank you
I would suggest you begin with the Javascript from the Start playlist. Then the HTML and CSS playlists or part of them. Then the JavaScript in the Browser playlist. There are lots of other playlist that you can watch to get more details on a specific topic as you go along.
@@SteveGriffith-Prof3ssorSt3v3 thankyou for reply
It's so frustrating to find out that I was doing everything right but my database column was of type varchar and it was not working as expected. Why can't this thing work with varchar data type? I have a huge database with enormous amount of tables and columns changing all will be a nightmare..any idea or suggestions?
The only columns that need to change are the ones that need to be encrypted. If you are encrypting every text value in your database then I would suggest rethinking why you need to do that.
@@SteveGriffith-Prof3ssorSt3v3 Not all columns, just the once with the credentials..still I mean if I use external library like crypto I have the liberty to use varchar but if I use "built-in" functionality then I need to change the data type... that's kind of annoying don't you think?
@@siddharthtiwari5314 Not really. It's the type of thing that you general set when you design the database originally. If you are migrating a database to a newer version and changing datatypes on columns then you should write a script that will do all that work. This way you can manage the update process (backups, transactions, error handling, etc).