I have read most of the forum messages that popped up in a search and the install documentation for Data Encryption Manager. I also have it set up and have encrypted my addresses, customers and orders tables... Everything is working, so I don't have an issue with that part.
I was wondering, what permissions should things have on the web server? A lot of docs have 777 and most files everywhere seem to be 755 as well.
Having lived as a Unix admin person in my past life, a lot of these files seem world readable. Even the system/config.php has 755 permissions. Is this normal and is this a security concern? The config.php file has all the database login info there, so with that, you can access all the information (I used to have root access everywhere, so maybe this is normal? I was never in web development)...
Also, what is the best or safest security practice for where I should store my encryption keys? Do I just leave them both in my keys folder on the server or delete the key pair on the server under my /path/to/keys/ folder?
Leave the .pub and delete the .prv?
I wasn't sure what is needed to allow the store to just work and so that I can run scheduled encryptions of customer data regularly, I guess.
Thanks for any tips and info you can share.
Also, what is this line?
// Encryption key for protecting sensitive information. NOTE: Change of this key will cause a loss of all existing encrypted information!
define('ENCRYPTION_KEY', 'somekey');