
I am building a small application for a real estate company which needs to store sensitive information such as bank statements, tax returns, etc. Right now I have the upload form as just a standard HTML upload form using PHP $_FILES to move the file to the desired folder. This works fine, but there is no level of security to protect this sensitive information. I have two questions:

First, what is best practice (as of 2017) for storing sensitive documents like bank statements, tax returns, etc.? I have tried to search for best practices online, but everything I'm finding is 5-10 years old information or deprecated PHP functions. Is there a specific PHP function I should be using/researching?

Second, are there any tutorials or books available that would help me understand secure file storage, file encryption, etc., in PHP?

My ultimate goal is just to make sure these files are secure and don't fall into the wrong hands. My question is specific to file uploads. I do understand that the rest of my site has to be secure as well. My question is simply about protecting files.

Thanks for any help or guidance.

  • I'm not sure whether it would be a good idea to use a BLOB. Since you can add it to the database, you could do some crypting magic. Commented May 24, 2017 at 16:37
  • It will be slower though... But it could do the job, that's for sure. Commented May 24, 2017 at 16:37
  • Encrypt your content with a public key (and probably just store it in the database; the "how" part isn't really important, unless we are talking about PDF or other large files) and keep the private key in an air-gapped system. Commented May 24, 2017 at 16:40
  • @tereško These would definitely be large PDFs. We are talking 20-50 page tax returns, etc. Commented May 24, 2017 at 16:41
  • Then I would encrypt the files and store them on the filesystem. Your main focus would be to make sure that, just because your server gets hacked and the DB dumped, there is no way to actually use any of it (hence the air gap). Commented May 24, 2017 at 16:44

1 Answer


First, what is best practice (as of 2017) for storing sensitive documents like bank statements, tax returns, etc?

The literal answer to this is simply to keep them ENTIRELY OFFLINE (on a remote hard disk, if needing to keep them digital at all) and store them in a good quality safe with only one (or maximum two) verifiable keyholder(s).

  • Read https://security.stackexchange.com
  • Read https://crypto.stackexchange.com
  • Read, download and use the Defuse PHP Encryption Library. My reading up on the same topic last year persistently showed this library (and all of Defuse's stuff) was very high if not market leading in this arena. This encryption library can en/decrypt files.
  • Also research Halite, which is a high-level cryptography interface powered by libsodium, and which can encrypt and decrypt files.
  • Also please read my answer here for MySQL best practice for securing data storage (strings or blobs etc.).
  • If using a database it is paramount that the database and the file server are different servers (and depending on the value of your data they should be in very different physical locations), and the database contains an encrypted key needed for the fileserver decryption, so that if one server is compromised, the data is still secured.
  • Use your own server(s). Don't use the "cloud". (To have proper online data security is not really cheap.)
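As an added example (not code from the question, the answer, or the Halite/Defuse libraries the answer names), here is a PHP sketch of the scheme the answer describes: the uploaded file is encrypted before it ever reaches the storage directory, each file gets its own random key, that key is wrapped under a master key and only the wrapped form goes into the database row, and the master key lives on neither the file server nor the database host. It is written against PHP's bundled ext/sodium (the library Halite wraps) rather than Halite or Defuse. The environment variable DOC_MASTER_KEY_HEX, the storage directory, the upload field name `document` and the temp output path are assumed placeholders, not values from the page.

```php
<?php
// Added example, not from the question or answer. Assumes PHP >= 7.2 with ext/sodium,
// a storage directory outside the web root, and a 32-byte master key delivered to the
// app out of band. DOC_MASTER_KEY_HEX, $storageDir and the field 'document' are placeholders.
declare(strict_types=1);

const CHUNK_SIZE = 1 << 20; // 1 MiB of plaintext per chunk; a 50-page PDF streams fine

// Encrypt $inPath into $outPath under a fresh random per-file key and return that key.
// File layout: 24-byte stream header, then chunks of at most CHUNK_SIZE + 17 bytes.
// Every chunk is authenticated and the last one carries the FINAL tag, so a modified,
// reordered or truncated file is rejected on decryption instead of silently accepted.
function encryptFile(string $inPath, string $outPath): string
{
    $fileKey = sodium_crypto_secretstream_xchacha20poly1305_keygen();
    [$state, $header] = sodium_crypto_secretstream_xchacha20poly1305_init_push($fileKey);
    $in  = fopen($inPath, 'rb');
    $out = fopen($outPath, 'xb'); // 'x' refuses to overwrite an existing object
    if ($in === false || $out === false) {
        throw new RuntimeException('cannot open input or output file');
    }
    fwrite($out, $header);
    do {
        $chunk = fread($in, CHUNK_SIZE);
        $final = feof($in); // true once the last (possibly short or empty) chunk was read
        $tag   = $final ? SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL
                        : SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;
        fwrite($out, sodium_crypto_secretstream_xchacha20poly1305_push($state, $chunk, '', $tag));
    } while (!$final);
    fclose($in);
    fclose($out);
    return $fileKey;
}

// Decrypt $inPath into $outPath; throws (and removes the partial output) on a wrong key,
// a tampered chunk, or a file cut off before its FINAL chunk.
function decryptFile(string $inPath, string $outPath, string $fileKey): void
{
    $in  = fopen($inPath, 'rb');
    $out = fopen($outPath, 'xb');
    if ($in === false || $out === false) {
        throw new RuntimeException('cannot open input or output file');
    }
    $hdrLen = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES;
    $header = fread($in, $hdrLen);
    if ($header === false || strlen($header) !== $hdrLen) {
        throw new RuntimeException('missing stream header');
    }
    $state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $fileKey);
    do {
        $ct  = fread($in, CHUNK_SIZE + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES);
        $res = $ct === false ? false : sodium_crypto_secretstream_xchacha20poly1305_pull($state, $ct);
        if ($res === false) { // also hit when EOF arrives before the FINAL tag (truncation)
            fclose($out);
            unlink($outPath);
            throw new RuntimeException('ciphertext rejected: wrong key, tampering or truncation');
        }
        [$plain, $tag] = $res;
        fwrite($out, $plain);
    } while ($tag !== SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);
    fclose($in);
    fclose($out);
}

// Wrap the per-file key under the master key: the database row then holds only
// ciphertext, so a DB dump without the master key reveals nothing, and the file
// server alone (no DB, no master key) cannot decrypt the objects it stores.
function wrapFileKey(string $fileKey, string $masterKey): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($fileKey, $nonce, $masterKey);
}

function unwrapFileKey(string $wrapped, string $masterKey): string
{
    $n   = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    $key = sodium_crypto_secretbox_open(substr($wrapped, $n), substr($wrapped, 0, $n), $masterKey);
    if ($key === false) {
        throw new RuntimeException('wrapped key rejected');
    }
    return $key;
}

// Upload handler: encrypts straight from PHP's temp file, names the stored object
// randomly (never with the client-supplied filename), and returns the row to persist.
function storeUpload(array $upload, string $storageDir, string $masterKey): array
{
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('not a valid upload');
    }
    $id      = bin2hex(random_bytes(16));
    $fileKey = encryptFile($upload['tmp_name'], $storageDir . '/' . $id . '.enc');
    $wrapped = wrapFileKey($fileKey, $masterKey);
    sodium_memzero($fileKey);
    return ['id' => $id, 'wrapped_key' => base64_encode($wrapped)];
}

// Usage with the assumed placeholders. The master key comes from the environment,
// not from the web root and not from the database that holds the wrapped keys.
$masterKey = sodium_hex2bin((string) getenv('DOC_MASTER_KEY_HEX'));
if (strlen($masterKey) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    throw new RuntimeException('DOC_MASTER_KEY_HEX must decode to 32 bytes');
}
$storageDir = '/var/lib/docstore'; // outside the web root; the web server cannot serve it directly
$row = storeUpload($_FILES['document'], $storageDir, $masterKey);
// ... INSERT $row['id'], $row['wrapped_key'] and the owning user into the database ...

// Later, for an authorised download only:
$fileKey = unwrapFileKey(base64_decode($row['wrapped_key'], true), $masterKey);
decryptFile($storageDir . '/' . $row['id'] . '.enc', '/tmp/' . $row['id'] . '.pdf', $fileKey);
sodium_memzero($fileKey);
```

The chunked secretstream construction is what makes this workable for the 20-50 page PDFs mentioned in the comments: memory use stays at one chunk regardless of file size, and the FINAL tag means a file that has been cut short on the file server fails to decrypt rather than producing a plausible-looking partial document. Authorisation of the download, audit logging, and how the master key reaches the application host are outside this sketch and need the same care as the encryption itself.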


5 Comments

I really don't agree with keeping these records non-digital. You're just exchanging electronic security for physical security, which is usually not that much better. It's just that you simply reduce the number of people who can find a physical weakness. But such a move severely restricts the possibility of doing business in 2017. It's just not practical anymore.
@ArtjomB. It was a literal answer to the literal question; there was no scope as to knowing who needed access to the documents, and if it's sensitive information then keeping it offline will be safer, as referenced by comments answering the question, stating using air-gapped media; few things are better "air gapped" than a safe.
@ArtjomB. I also fundamentally disagree that physical security is usually not that much better than digital security. You make sweeping assumptions.....
Libsodium itself doesn't do files, but Halite does. (Defuse's File encryption library was my main contribution, and was modeled after what Halite already did.)
@ScottArciszewski thanks for the info, I have updated my answer!
