Does anyone know enough about the encode/decode problem in MySQL data to compare the efficiency with using another type of Array database for encoded data? And I don't mean SQL Server or the like, as I think MySQL is a fast database. It's just that the designers barely considered encryption as an afterthought.
Securing data like credit card numbers, logins, phone numbers and other personal information should be the #1 priority with all databases. And sure you can use encode/decode to make the data appear encrypted, but:
1. It relies on a key, which must reside on the server, and anyone hacking the server and getting access to the database can find out what the key is in a matter of seconds, so it's a very bad false security.
2. Since you have to constantly compare new CC numbers, logins or PWs with what already exists in the database to find out if people are submitting twice, or duplicate logins with the same CC number, etc. -- you need the CC, phone #, name, address and login/pw fields ALL INDEXED, to search on them.
3. But that is where the problem comes, because when those fields are encrypted you can't realistically search on them or index them (incredibly slow), and to decode, then search, would mean creating an entire duplicate database just to search, and with any session persistence, no point encoding it to begin with!!
This is a conundrum that database developers in general have been negligent in fixing -- virtually all mass thefts of CC numbers and people's data on the web can be tracked to plain, unencoded data in databases.
I would prefer to put the data in a non-MySQL structure, perhaps even a text file array, but I would like something more secure than a file like "here_they_are.txt" -- in plain ASCII text format (but encoded). I could create encryption methods that are not easily debuggable, and search the database by encrypted match, but then I lose the efficiency and speed of automatically indexed MySQL databases -- not in the range of 100-1000 customers, but when you get up in the 10,000 plus range, a structured database like MySQL really shows its value -- in everything BUT encoded data, which is the ONE thing everyone needs!!!
The other issue is that any secure encoding method always creates high-order ASCII -- chars 129-255, which seems to be another oversight of most databases, including MySQL -- many of those chars cause errors!
Any good comments from experience on this problem?
P.S. will happily increase points if I get a lot of input.
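
One common way to get duplicate detection and indexed lookup on encrypted fields, shown as an added example that is not part of the original post: store a keyed HMAC of the normalized value in an indexed column beside the ciphertext. Here sqlite3 stands in for MySQL so the code runs offline; the key, the table and function names, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the index key is loaded from outside the database (constructed value).
INDEX_KEY = b"constructed-demo-key-not-for-production"


def blind_index(key: bytes, value: str) -> str:
    """Keyed, deterministic digest of a normalized value; hex keeps it plain ASCII."""
    normalized = "".join(ch for ch in value if ch.isalnum()).lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    # sqlite3 stands in for MySQL; comparable MySQL columns would be
    # CHAR(64) with a UNIQUE index and VARBINARY/BLOB for the ciphertext.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cards ("
        " id INTEGER PRIMARY KEY,"
        " cc_index TEXT NOT NULL UNIQUE,"  # searchable keyed digest, indexed
        " cc_cipher BLOB NOT NULL)"        # opaque ciphertext, any byte values
    )
    return conn


def add_card(conn, key: bytes, cc_number: str, ciphertext: bytes) -> bool:
    """Insert a card; return False if the same number is already stored."""
    try:
        conn.execute(
            "INSERT INTO cards (cc_index, cc_cipher) VALUES (?, ?)",
            (blind_index(key, cc_number), ciphertext),
        )
        return True
    except sqlite3.IntegrityError:
        return False


def find_card(conn, key: bytes, cc_number: str):
    """Indexed equality lookup on the digest; returns stored ciphertext or None."""
    row = conn.execute(
        "SELECT cc_cipher FROM cards WHERE cc_index = ?",
        (blind_index(key, cc_number),),
    ).fetchone()
    return row[0] if row else None
```

The ciphertext is passed in as opaque bytes from whatever encryption is in use, and the index supports exact-match search only, not range or partial matching.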