Encrypting plaintext email, login, and alias


#1

Considering how many break-ins there are to databases nowadays, it seems no database can be fully protected from hackers. Under the assumption that a Piwik database will be hacked eventually, even when Piwik is configured for security, I don’t think it makes sense to store certain columns in plaintext. A hacked database with a plaintext email address linked to a plaintext login/alias can lead to more than just egg on your face, especially if those columns are linked to other columns in your non-Piwik tables.

Granted, I understand that encrypting these would add an additional load. However, this could be as simple as a configuration/plugin option to encrypt/decrypt for those who didn’t want the overhead. Additionally, this theoretically would only increase the load on user-driven events (e.g., login, email reports) and, thus, shouldn’t be that heavy.

Has anyone put together any guides or code that encrypt email addresses, logins, and/or aliases? If there’s going to be a hack, at least let’s not have these columns in plaintext when the data is out in the open.