Secure PHP Apps with Symfony & MongoDB: Full Course on Queryable Encryption
freeCodeCamp.orgSeptember 11, 202538 min15,274 views
34 connectionsΒ·40 entities in this videoβIntroduction to Secure Application Development
- π‘ The course emphasizes building highly secure web applications due to the constant threat of data breaches.
- π Standard encryption practices are insufficient; systems must protect data throughout its life cycle: at rest, in transit, and in use.
- π― The tutorial guides users through building a financial transactions application from scratch, focusing on cryptographic security.
Technology Stack and Setup
- π The chosen stack includes PHP for backend logic, Symfony for structure and best practices, and MongoDB Atlas for the database.
- π Doctrine MongoDB ODM is used to map PHP objects to MongoDB documents, simplifying data interaction.
- π MongoDB's Queryable Encryption (QE) is a core feature, enabling queries on encrypted data without decryption on the server.
- π οΈ Initial setup involves installing PHP, Composer, Symfony CLI, the MongoDB PHP extension, and necessary Symfony bundles.
Database and Encryption Configuration
- βοΈ MongoDB Atlas is configured, including creating a cluster and setting up connection details via environment variables.
- π A local master key is generated for encryption, with a note that production environments would use a Key Management Service (KMS).
- βοΈ Configuration in
doctrine_mongodb.yamlenables auto-encryption and specifies the path to the MongoDB crypt shared library and KMS provider.
Document Classes and Data Modeling
- π Document classes (e.g.,
Account.php,Transaction.php) define data models and map to MongoDB collections. - π Fields like
accountNumber,socialSecurityNumber, andbalanceare configured for encryption using Doctrine ODM attributes. - π Queryable encryption is specified for fields like
accountNumberandsocialSecurityNumberto allow equality checks, and forbalanceto enable range queries. - π Fields like
cardNumber,CVV, andexpiryDateuse randomized encryption for maximum security when no queries are needed.
Financial Service and Controller Logic
- π§ The Financial Service class contains the application's business logic, handling account and transaction creation/retrieval.
- π The Controller exposes the Financial Service as API endpoints, receiving web requests and returning JSON responses.
- π¦ Dependency injection is used to inject the Document Manager into the service and the Financial Service into the controller, promoting clean code.
- π« The service layer is decoupled from encryption details; it works with plain data objects, with Doctrine ODM handling encryption transparently.
Creating Collections and Demo Data
- ποΈ MongoDB collections are created with correct encryption metadata using
doctrine_mongodb:schema:create. - π A console command (
app:demo-data) is created to populate the database with sample accounts and transactions. - β Data is inserted, with sensitive fields like account numbers and social security numbers being encrypted at rest in MongoDB Atlas.
Frontend and Application Testing
- π A simple
index.htmlfile with JavaScript interacts with the API endpoints to create accounts, transactions, and perform queries. - π§ͺ The application is started using
symfony server:start, and the user interface is tested by creating accounts, performing queries on encrypted data (e.g., by account number, balance range), and creating transactions. - π A demonstration shows that data is encrypted in MongoDB Atlas (appearing as asterisks) but is decrypted and usable within the application, showcasing the effectiveness of Queryable Encryption.
Knowledge graph40 entities Β· 34 connections
How they connect
An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.
Hover Β· drag to explore
40 entities
Chapters15 moments
Key Moments
Transcript141 segments
Full Transcript
Topics15 themes
Whatβs Discussed
PHPSymfonyMongoDBMongoDB AtlasDoctrine MongoDB ODMQueryable EncryptionData SecurityFinancial ApplicationsEncryptionDecryptionAPI EndpointsDatabase ConfigurationDocument ClassesConsole CommandsClient-Side Encryption
Smart Objects40 Β· 34 links
CompaniesΒ· 6
ConceptsΒ· 14
ProductsΒ· 16
PersonΒ· 1
MediaΒ· 1
LocationsΒ· 2