drupalencryptionsensitive-data

Storing sensitive data with Drupal


I need to use sensitive data with Drupal for a custom module to use. If I simply set them through the GUI, they will be stored unencrypted in the database. Anyone having access to it will have access to my sensitive data.

I can see two solutions for the moment:

  1. Find a way to securely store those credentials into the database;
  2. Put those sensitive data into a credentials_inc.php file, include it in settings.php to set variables my custom module could use and make sure that nobody else can read the file.

Which solution is best according to you? What do you recommend? Is there any other best option?

Best regards.


Solution

  • I would start off by using SecurePages module, to make sure the data entered somewhere along the way is not snooped.

    Then to encrypt the information try using php's mcrypt with a short example of how to encrypt and decrypt.

    Once the information is secured, you should have no problem storing the data in drupal's db structure. Also, an important note, you might check out hook_init() instead of trying to append something in settings.php. That is in general a bad practice.