Quote:
Originally Posted by Nookster
I have to add my input being a security guy. Using a key on the same server which is hacked to encrypt anything still doesn't solve a thing. A knowledgeable attacker will still be able to get access. There is no such thing as full encryption using a single server.  |
+1
If a field needs to be de-encrypted for use "in the clear" on say a profile form or for mailing out a sales notification, there's going to be some code which does the decryption, along with a key, located on the server. May make it a little harder to retrieve the emails, but certainly not impossible.