Encryption

Post here you suggestions and wished features for hoteldruid development.

Moderator: marco

Post Reply
JustBob
Posts: 7
Joined: Wed Apr 23, 2014 8:52 pm

Encryption

Post by JustBob »

In the light of the 'NSA scandal' how easy would it be for you to add (optional) encryption of sensitive data (client data and documents)? I read that your server is located in London - i.e. a country where , among other laws, anti terror legislation makes it easy for authorities to seize any server or request a copy of it!
As I am not that familiar with php I dont know if readily available crypto modules exist for it.

Edit:
I saw that you store the private key along with the pub cert (for enrypting credit card data) in the database!
One has to choose a really good password for this kind of "protection" else the encryption is useless!
marco
Posts: 1332
Joined: Tue Jul 05, 2005 6:00 pm
Location: Roma, Italia

Re: Encryption

Post by marco »

Hello,
many OSes offer the possibility to encrypt the entire filesystem, anyway in most countries hotels have the duty to report information about guests to public authorities. I think having to upload a private key would be too much troublesome for many users (who would end up storing it in insecure ways), I'll add stricter requests for password in next versions.

Regards,
Marco
Problems installing, configuring, upgrading?
Try the easiest way to use HotelDruid:
https://www.digitaldruid.net/hosted/index.php
Post Reply