Moodle is storing the password ONLY in encrypted format in the database.
We would like to know how to store the personal information of user as well in encrypted format in the database. The requirement is whoever accessing the database should not see the user data in plain text format.
Please help here to get the solution without disturbing the core features of Moodle.
Encrypting the database is not something that should be implemented in the application like Moodle. It shoudl be implemented in the infrastrcuture. (e.g. https://en.wikipedia.org/wiki/Data_at_rest#Encryption) Yes, you should probably be doing that.
One-way hashing of passwords is something else - something that Moodle implments.
One-way hashing of passwords is something else - something that Moodle implments.
Hello Tim,
Thanks for the reply. In the context of MYSQL database which can be accessed using phpMyAdmin user data like email, Full name and mobile number is visible in plain text format, we would like to know to store that data in encrypted format and will be decrypted while using in code base.
Thanks
Thanks for the reply. In the context of MYSQL database which can be accessed using phpMyAdmin user data like email, Full name and mobile number is visible in plain text format, we would like to know to store that data in encrypted format and will be decrypted while using in code base.
Thanks
You can encrypt the database but if someone has access to it they will be able to read the data. Passwords are not stored in the database, a 1 way hash of the password is, you cannot recover the original password from the hash. If the same thing was used for use data you would never be able to read it in any application, only verify it was the same as something entered by the user.
Tldr; if someone has access to an encrypted data base they can read the data just like the application can.
Tldr; if someone has access to an encrypted data base they can read the data just like the application can.