Where to store key for AES_ENCRYPT in MySQL?

Question

I develop an app for iPhone / iPod Touch which has to have access to a MySQL database. I wrote a PHP API which I can call from the iPhone app.

In the database I store sensitive data which I want to encrypt. I think I will use AES_ENCRYPT. My problem is where to store the key.
It'd be great of you have any idea where to store the key to encrypt / decrypt so that it can not be seen by any other persons, e.g. hackers.

Answer 1

In general:

1. Don't keep your key in a part of the server that the web server has direct access to. For example, if your site is in /var/www/home, don't put your key in there. Put it someplace outside the web server's part of the tree.
2. Make sure that the permissions on the folder containing your key are correctly set. Your PHP app needs to have READ access only, NOT write or execute on that folder (and the key file).
3. Make sure the server itself has a good password (long, lots of random numbers, letters, and symbols).
4. Make sure the server is protected by a properly configured firewall, and is kept up to date with the most recent security patches.

As for trying to keep the key and the data separate -- this is a perennial problem for which there is no very good solution. The simple fact of the matter is that your application has to have access to the key. Either that means forcing everyone who's going to use the app to memorize the key -- which is likely to lead to sticky notes on monitors in plain view -- or else it has to live somewhere that the app can find it, either on the same server or another.