Firstly, what is BenefitMe?
BenefitMe is a platform that centralizes, presents, simulates, and manages all the benefits offered to your employees. Integrated or not into your HR portal, it allows each employee to visualize the benefits they have in terms of salaries, time, insurance, provident funds, as well as in-kind benefits. Employees can perform simulations at will, incorporating the tax impacts of their choices, before submitting them to HR for validation.
BenefitMe uses the PHP Laravel framework, which provides secure password hashing out of the box. Bcrypt hashing is a crucial mechanism for protecting user passwords in applications. When a user creates an account or changes their password, Laravel uses bcrypt to hash the password before storing it in the database. Here's a detailed explanation of this process:
1) Password hashing: When a user enters their password, Laravel does not store the password in plain text in the database. Instead, it uses the bcrypt function to hash the password.
2) Automatic salting: Bcrypt automatically generates a "salt" (a random string of characters) that is added to the password before the hashing process. This ensures that even if two users have the same password, their hashes will be different.
3) Cost factor: The cost factor in bcrypt determines the number of iterations of the hashing process, making the creation of the hash slower and therefore harder to attack by brute force.
4) Storage of the hash: Once the password is hashed, Laravel stores the result in the database.
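The four steps above, shown in working code. This is an added example, not BenefitMe's code: it uses PHP's native password_hash / password_verify functions, which are what Laravel's Hash::make and Hash::check call when the bcrypt driver is configured, so it runs without Laravel. The cost value and the sample password are assumptions for the demonstration.

```php
<?php
// Added example (not BenefitMe code): what Laravel's Hash facade does under the hood
// with the bcrypt driver, written against PHP's native password_* functions.
declare(strict_types=1);

const BCRYPT_COST = 12; // work factor (assumed for the demo); raise it as hardware gets faster

// Step 1 + 2: hash the plaintext. bcrypt draws a fresh 16-byte salt itself; salt,
// cost and digest are all encoded in the returned "$2y$12$..." string.
function hashPassword(string $plain, int $cost = BCRYPT_COST): string
{
    $hash = password_hash($plain, PASSWORD_BCRYPT, ['cost' => $cost]);
    if ($hash === false) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Login check against the stored hash (constant-time comparison inside).
function verifyPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Step 3 maintenance: detect hashes made with an older, weaker cost so they can be
// re-hashed transparently at the next successful login.
function needsRehash(string $storedHash, int $cost = BCRYPT_COST): bool
{
    return password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Read the cost back out of the hash prefix, e.g. for auditing the users table.
function hashCost(string $storedHash): ?int
{
    return preg_match('/^\$2[aby]\$(\d{2})\$/', $storedHash, $m) ? (int) $m[1] : null;
}

// --- demonstration with a constructed password ---
$password = 'correct horse battery staple';

$h1 = hashPassword($password);
$h2 = hashPassword($password);
echo "hash 1: $h1\n";
echo "hash 2: $h2\n";
echo 'same password, different hashes (automatic salting): ', $h1 !== $h2 ? 'yes' : 'no', "\n";
echo 'cost factor embedded in hash: ', hashCost($h1), "\n";
echo 'verify correct password: ', verifyPassword($password, $h1) ? 'ok' : 'FAIL', "\n";
echo 'verify wrong password:   ', verifyPassword('not it', $h1) ? 'FAIL' : 'rejected', "\n";

// Step 4 in practice: a legacy row hashed at cost 10 gets upgraded once the user
// proves the password, because the plaintext is only available at login time.
$legacy = hashPassword($password, 10);
if (verifyPassword($password, $legacy) && needsRehash($legacy)) {
    $upgraded = hashPassword($password);
    echo 'legacy cost ', hashCost($legacy), ' -> rehashed at cost ', hashCost($upgraded), "\n";
}
```

Two points worth checking in a real deployment: the `bcrypt.rounds` value in Laravel's hashing config (which is the cost factor above) should be tuned so one hash takes a noticeable fraction of a second on the production hardware, and the rehash-on-login step is what keeps old rows from staying at a weaker cost forever.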
BenefitMe is a platform that centralizes highly confidential data, such as salaries, dates of birth, addresses, and other personal information. To ensure optimal protection of user data, all sensitive fields in the database are encrypted using, among others, the AES-256 algorithm.
The main challenge of this project was to encrypt all sensitive fields while preserving the ability to search through these encrypted data. To overcome this challenge, we implemented a sophisticated technique using an indexing table, allowing us to retrieve information in a completely secure manner. It is crucial to emphasize that only the server possessing the appropriate key can decrypt the data and perform searches on these specific fields before securely transmitting them to the client via HTTPS (as seen previously).
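One standard way to build the kind of indexing table described above is a blind index: alongside the AES-256 ciphertext, the server stores a keyed HMAC of the normalized field value under a second, independent key, and equality searches go through that index. This is an added illustration of the general technique, not BenefitMe's implementation, which the text does not detail; the AES-256-GCM mode, the HMAC-SHA256 index, the key handling and the sample records are assumptions.

```php
<?php
// Added example, not BenefitMe's code: AES-256-GCM field encryption plus a "blind
// index" table (HMAC of the normalized value under a separate key) that lets the
// server look records up by equality without decrypting the whole table.
declare(strict_types=1);

// Constructed keys for the demo. In production they come from a KMS or secret store
// and exist only on the server. Two independent keys: one for encryption, one for indexing.
$encKey   = random_bytes(32); // 256-bit AES key
$indexKey = random_bytes(32); // HMAC key for the blind index

// Encrypt one field. Stored form: base64(nonce).base64(tag).base64(ciphertext).
function encryptField(string $plain, string $key): string
{
    $nonce = random_bytes(12); // 96-bit GCM nonce, fresh for every encryption
    $tag   = '';
    $ct    = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, '', 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce) . '.' . base64_encode($tag) . '.' . base64_encode($ct);
}

// Decrypt and authenticate. A tampered ciphertext or wrong key yields null, never garbage.
function decryptField(string $stored, string $key): ?string
{
    $parts = explode('.', $stored, 3);
    if (count($parts) !== 3) {
        return null;
    }
    [$nonce, $tag, $ct] = array_map('base64_decode', $parts);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $plain === false ? null : $plain;
}

// Blind index: deterministic keyed hash of the normalized value. Equal values give equal
// indexes (so they can be joined on); without $indexKey the index reveals nothing.
function blindIndex(string $plain, string $indexKey): string
{
    return hash_hmac('sha256', strtolower(trim($plain)), $indexKey);
}

// In-memory stand-ins for the two database tables.
$employees  = []; // id => ['email' => ciphertext]
$emailIndex = []; // blind index => [id, ...]

function insertEmployee(array &$employees, array &$emailIndex, int $id, string $email,
                        string $encKey, string $indexKey): void
{
    $employees[$id] = ['email' => encryptField($email, $encKey)];
    $emailIndex[blindIndex($email, $indexKey)][] = $id;
}

// Equality search: hit the index table, then decrypt only the candidate rows.
function findByEmail(array $employees, array $emailIndex, string $email,
                     string $encKey, string $indexKey): array
{
    $results = [];
    foreach ($emailIndex[blindIndex($email, $indexKey)] ?? [] as $id) {
        $plain = decryptField($employees[$id]['email'], $encKey);
        // Re-check the plaintext: the index is a candidate filter, not the source of truth.
        if ($plain !== null && strtolower(trim($plain)) === strtolower(trim($email))) {
            $results[$id] = $plain;
        }
    }
    return $results;
}

// Flip one ciphertext bit to show that GCM authentication rejects the modified row.
function tamper(string $stored): string
{
    [$nonce, $tag, $ct] = explode('.', $stored, 3);
    $raw    = base64_decode($ct);
    $raw[0] = chr(ord($raw[0]) ^ 0x01);
    return $nonce . '.' . $tag . '.' . base64_encode($raw);
}

// --- demonstration with constructed records ---
insertEmployee($employees, $emailIndex, 1, 'alice@example.com', $encKey, $indexKey);
insertEmployee($employees, $emailIndex, 2, 'Bob@Example.com', $encKey, $indexKey);

echo "row 1 as stored:            {$employees[1]['email']}\n";
echo 'search ALICE@example.com -> ', json_encode(findByEmail($employees, $emailIndex, 'ALICE@example.com', $encKey, $indexKey)), "\n";
echo 'search nobody@example.com -> ', json_encode(findByEmail($employees, $emailIndex, 'nobody@example.com', $encKey, $indexKey)), "\n";
echo 'tampered row decrypts to:   ', var_export(decryptField(tamper($employees[1]['email']), $encKey), true), "\n";
echo 'wrong key decrypts to:      ', var_export(decryptField($employees[1]['email'], random_bytes(32)), true), "\n";
```

Two properties of this design matter when reviewing it. The index supports exact-match lookups only (no prefix or range queries), and because it is deterministic, two rows holding the same value share an index entry, so the index itself discloses equality between rows even to someone without the keys; that is the trade-off accepted in exchange for keeping the field encrypted. Using a separate key for the index, never the encryption key, keeps a compromise of one from affecting the other.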
In conclusion, BenefitMe applies a rigorous security strategy by integrating encryption at every level of its infrastructure. For password protection, the Laravel framework is used to implement bcrypt hashing, providing enhanced security through automatic salting and the cost factor. In parallel, AES-256 encryption is implemented to encrypt sensitive data in the database, ensuring solid protection of confidential and sensitive information. Finally, communication between the server and the client is secured via HTTPS, guaranteeing the integrity and confidentiality of exchanged data.