Introduction

I am currently working on a project that includes the daily extraction of data (pharmacy records) from the VisualFox Pro database and uploading some of them to the WordPress website, where pharmacy clients can safely view it. I would like to receive some recommendations regarding the general methodology of my software - I can encode it, but I need to know if I will drive correctly. I write both PC software (in C # /. NET 4.5) and the PHP WordPress plugin.

Question 1: Encryption

The current data server encryption process that I plan to use is based on this article . To summarize, it protects the encryption of each individual user data asymmetrically with its own public key stored on the server. The private key for decrypting this data is itself encrypted symmetrically using the user's password and stored. Thus, even if the database is stolen, the user password hash must be corrupted, and even then the process must be repeated for each user data.

The only weakness noted by the author himself, and the main question of my question is that during the login, the decrypted key is stored in the session store. The way the article is proposed is simply to limit the user login time. I thought that the best solution would be to store this key in a short-lived secure cookie (of course, the whole process happens via HTTPS), so if an attacker controls the user's computer and can read his cookies, he can probably just enter his password and to log in, you do not need to steal the database, although even if an attacker gains access to the server, they cannot decrypt HTTPS traffic (or can they? I'm not sure.)

cookie ?

2:

-, , - . , , . , "" , JSON , , .

, - , , , , . , , MySQL WHERE, ORDERBY .., BLOB.

?

3:

DBF "diff", , ( , , , ). "" , . , , 200 , .

, JSON, gzip . : , ? , HTTPS, API, , , , . , JSON . , . , . JSON , , API , , , . ?

?

, -, .

: , . .