Sensitive data encryption in Jomres
I am aiming to make the next version of Jomres compatible with the GDPR. To that end I will be adding several new features on which I would appreciate feedback from the community.
This is really important and if you are a user of Jomres, I strongly encourage you to get involved with testing this new functionality.
Today I have merged new code into the Nightly branch which contains a significant feature update that will be available in the next version of Jomres. As a result I need to ask the community to help us with testing this new functionality. The new branch merged today brings user encryption to the database, and this is available to both free users and users with licenses.
Why do we want to encrypt user data?
Data that is stored in the database is considered to be "data at rest". Whilst not strictly speaking covered by the GDPR, I am of the opinion that this is the right time to introduce this hardening of the system.
By now you're probably aware that Google is placing a very high premium on websites that serve their pages through the HTTPS protocol. The purpose of this is to ensure that your communications with HTTPS-protected sites cannot be observed by third parties while that data is in transit ("data in motion"). This is all well and good, however once that data arrives at the remote server it is stored on the website's servers in plain text form. Essentially there are columns for the guest's name, and the guest's name could be easily read by anybody who has access to the database. The same goes for other Personally Identifiable Information (PII) such as email addresses.
Normally this isn't problematic because in the usual course of operations only authorised people can see that guest's details. What happens, however, if the database should somehow be compromised by an attacker? You're probably thinking that your business is too small, nobody's going to be interested in your guests' (or your) details, and you'd be wrong.
On the other hand, breaches of data security are inevitable. Every security professional is taught from day one that with the complexity of modern networks, the scope of the threat landscape, and the breadth of user behaviour and understanding, guarantees of security cannot be given.
Your data will be misappropriated at some point.
GDPR – Is Data Encryption Really Necessary?
I have always worked hard to ensure that Jomres and its plugins are as secure as I can possibly make them. The new functionality introduced today further secures your guests' data. It will create new columns in the Jomres tables that store sensitive guest and manager details such as names, addresses, telephone numbers and email addresses. The installer will convert the existing guest and manager details so that they are securely encrypted and stored in these new columns, and any future data stored will be encrypted. This should ensure that in the event that the database becomes compromised, PII does not fall into the hands of the wrong people.
How can you help?
Jomres users who are interested in working with new features before they have been released can easily install the Nightly branch onto their Staging/Development servers (you should never install Nightly onto a Production server). To see how to do that, please visit the "Installing/Updating to the Nightly branch" page in the manual. The process is simple and is the same as updating Jomres normally.
Once you have updated your Jomres installation it should show in the administrator area > Jomres control panel that the version is 9.11.0. You should now update the plugins too, as to date 21 plugins have also been modified.
What should you expect to see different to before?
If all goes well, absolutely nothing should be visually different. You should still be able to view guest lists, edit their details, see their details in invoices etc. The changes, whilst extensive, are all in the underlying code. If you view your xxxxx_jomres_guests or xxxxx_jomres_guest_profiles tables you should now see that the easily visible guest details are missing, and instead some new "blob" columns have been added.
In the root of your Jomres installation (e.g. /public_html/jomres/) you should see a new file called encryption_key.class.php. You should never, ever delete this file as it contains the key that the encryption library requires to decrypt the guests' and managers' PII. If you lose this key, you will not be able to view your guests' details again.
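To make the design above concrete, here is an added example (not Jomres's own code, and not necessarily the library it uses) of field-level encryption with a key held outside the database, using PHP's bundled libsodium. The function names, the enc_ column prefix and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, NOT Jomres code. Requires PHP >= 7.2 (bundled libsodium).
// encrypt_field(), decrypt_field() and the enc_ prefix are hypothetical names.

function encrypt_field(string $plain, string $key): string
{
    // A fresh random nonce per value is stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

function decrypt_field(string $blob, string $key): string
{
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($blob) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('blob too short to be valid');
    }
    // Authenticated decryption: returns false on a wrong key or altered data.
    $plain = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $key);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or modified data');
    }
    return $plain;
}

// Stand-in for the key that lives in a file on disk, separate from the database.
$key = sodium_crypto_secretbox_keygen();

// Constructed sample rows, as they might look before the upgrade.
$rows = [
    ['id' => 1, 'firstname' => 'Ada', 'email' => 'ada@example.com'],
    ['id' => 2, 'firstname' => 'Bob', 'email' => 'bob@example.com'],
];

// Migration step: write encrypted blobs, then blank the readable columns.
foreach ($rows as &$row) {
    foreach (['firstname', 'email'] as $col) {
        $row['enc_' . $col] = encrypt_field($row[$col], $key);
        $row[$col] = '';
    }
}
unset($row);

// With the key, the application reads the value exactly as before.
echo decrypt_field($rows[0]['enc_email'], $key), PHP_EOL;

// With any other key (the situation after losing the key file), it cannot.
try {
    decrypt_field($rows[0]['enc_email'], sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

A database dump taken after the migration step contains only the blobs, which is why the key file has to be backed up separately from the database and with tighter access controls.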
Once you have updated to the Nightly, then proceed to use Jomres as you would normally. If you come across any anomalies, or if you should find that you are unable to update at all, please do not hesitate to contact us on the ticket system at https://tickets.jomres.net where we will work with you to identify the problem.