I am currently working on a project that will collect a lot of sensitive customer data: DOB, SSN, credit history, and other personal data.
This data is all used by a website which generates documents in PDF form which contain the personal data. Obviously if the customers' usernames and passwords are compromised their individual information is at risk, but what can I do to protect the database from being compromised?
Should I be encrypting the pdf documents and other information in the database? Will that cause significant performance problems as the number of users scale up?
Is it enough to keep the database server on a private network which the public web server accesses?
I am using MySQL.
Here is a link to what are called the "PCI Best Practices"
http://www.appsecinc.com/solutions/pci/index.shtml
PCI is the standard to which companies who accept credit cards must adhere, and they are generally good practices to follow.
Some of the key points are:
If you read some of the docs on that site, it should give you additional information.
You should certainly have the database behind a firewall, only accessible to the web server. Why expose it more than is needed?
As for encryption... that would be good as long as your access requirements don't make it useless. Ideally you could store the SQL data encrypted to a key you know, and any produced documents would be encrypted to the client's key.
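One way to act on the "SQL data encrypted to a key you know" advice, as an added example that is not part of either answer: the application encrypts a single sensitive column with AES-256-GCM before writing it to MySQL, using the table, column and row id as additional authenticated data so that a ciphertext copied into another row or column is rejected on read. The `customers.ssn` column and the all-zero demo key are assumptions for illustration; a real key comes from configuration or a KMS, never from the database it protects.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewFieldAEAD builds AES-256-GCM from a 32-byte key that the application loads
// from config or a KMS; the key is never written to the MySQL database it protects.
func NewFieldAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// fieldAAD binds a ciphertext to its table, column and row as GCM additional data,
// so a value copied between rows or columns fails authentication on read.
func fieldAAD(table, column string, rowID int64) []byte {
	return []byte(fmt.Sprintf("%s.%s#%d", table, column, rowID))
}

// EncryptField returns nonce || ciphertext || tag, storable in a VARBINARY/BLOB column.
func EncryptField(aead cipher.AEAD, table, column string, rowID int64, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, fieldAAD(table, column, rowID)), nil
}

// DecryptField reverses EncryptField; tampering, truncation or a row/column swap is an error.
func DecryptField(aead cipher.AEAD, table, column string, rowID int64, stored []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(stored) < n {
		return nil, fmt.Errorf("stored value too short: %d bytes", len(stored))
	}
	return aead.Open(nil, stored[:n], stored[n:], fieldAAD(table, column, rowID))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; never use a fixed key in production
	aead, _ := NewFieldAEAD(key)
	ct, _ := EncryptField(aead, "customers", "ssn", 42, []byte("123-45-6789"))
	_, err := DecryptField(aead, "customers", "ssn", 43, ct) // same bytes read back as row 43
	fmt.Println("row swap rejected:", err != nil)             // true
}
```

The per-record cost is one AES-GCM operation, so the scaling concern in the question is dominated by key management and by losing the ability to index or search the encrypted column, not by CPU.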