I've performed a search but can't seem to find what I'm looking for.

I'm about to deploy an app (on my Linode of course) that deals with financial data.

I would like my friends to use the system but am concerned with their privacy (well, everyone's really).

Since I will be the DBA, programmer, support, etc, I will have full access.

What are some suggested ways that even *I* can't know what financial data goes with which user?

I will need to track their email and username.

Any suggestions?

Thanks.

_________________
http://BitCircle.com

I may have answered my own question. How about this:

user + pass + salt = hash (ABC)

User Table:

id salt hash
------------------------------------------
1 OO7 ABC
...

UserInfo Table:

hash encuser enemail
-----------------------------------------------
ABC Ki$%gg Zjfd*(22f
...

Transactions Table:

hash rent paid
--------------------------------------------
ABC 500 Y
ABC -200 N
...



Now, looking at the data, I would never know that hash ABC was user John Doe.

I was thinking of using their username + pass as the key to DE-Crypt the UserInfo table. But, I would never be able to email them unless they logged in.

Man...this is getting complicated. lol

_________________
http://BitCircle.com