PHP/MySQL/Blockchain

Ziycon

I'm looking for a way to verify data inserted and updated into a MySQL database from a PHP application, is it possible to use specific columns of a record and create a blockchain transaction based off these values, in turn i can validate any record in the database against it's blockchain transaction.

I need a way to make sure that data in the database is consistant and hasn't been manipulated by anyone it shouldn't.

P.S. - I'm a noob when it comes to blockchain so any help/advice is appreciated.

14ned

Ziycon wrote: »

I'm looking for a way to verify data inserted and updated into a MySQL database from a PHP application, is it possible to use specific columns of a record and create a blockchain transaction based off these values, in turn i can validate any record in the database against it's blockchain transaction.

It is possible, but probably impractical. You'd either need some custom logic per record insert which goes off and does the blockchain transaction and blocks the database until it completes, or you'd need two tables and implement the concurrency resolution logic between them by hand. The former is easy to implement, but won't scale. The latter is hard to implement, garbage collection and ensuring consistency will be tricky.

I need a way to make sure that data in the database is consistant and hasn't been manipulated by anyone it shouldn't.

I'm unaware of any SQL database which can do this. You probably need a graph database based on Merkle trees.

Actually, git the source control tool is an example of such a graph database. You can install repo hooks to ensure a commit causes the blockchain transaction. Git will implement arbitration between multiple concurrent commits. Git commit signing implements tamper proof via gpg signing, with a complete audit trail going back with history.

However git isn't really designed for scalable concurrency. There is a master lock so only one thing can work at a time. But its general algorithm is a close fit to what you want, you just need a graph database set up with a git-like algorithm.

Niall

Talisman

Have you considered other security strategies? Hashicorp's Vault provides a number of services you could utilise: Identity and Access Management, Secrets Management (e.g. Database credentials rotation) and Encryption.

If the security of your data is the primary concern then the data should be secured before it hits the database so encrypt the data at the application level before storing it in the database.

Don't give your PHP application direct access to the database. Have it send requests via intermediate services. Lockdown the database privileges for the intermediate services so that they only have sufficient rights to do what they are supposed to.

You could use Vault to control access to the encryption keys, the services and of course the database credentials. Vault maintains an audit log which can help identify who is using the system.

Implement security in layers and also implement an audit strategy. For instance if you were to use a logging service to record inserts and updates to a table and also took regular snapshots of the table then any differences between successive snapshots should tally with the information from the logs. These checks should be automated to prevent the possibility of human hands interfering in the process.