I am implementing AES-256 bit encryption in my web app:

http://www.utoxin.name/2009/07/automatic-db-field-encryption-in-cakephp/

One of the steps says to store the cipher used and key in a bootstrap file. But what is stopping someone from scanning the file system with PS or something and decrypting the data?

What is the best way to secure the data?

+4  A: 

If someone has access to all files on the hard drive of your server, all bets are off. There is no way you can protect your data then, because your webapp still has to be able to access it.

This encryption will only protect you from attackers who can access the database, but not the file system, e.g. through SQL injection. And even in that case they may be able to read the data: depending on the particular leak, the webapp might happily decrypt it for them!

Thomas
A: 

On a unix box you can store it into a file, created by the user account for apache, with 0600 permissions. This can be accessed by the root, so if the box is secure there is no problem. On Windows boxes, I don't know.

Alexandru Mos
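The file-permission approach from the second answer, as an added example that is not part of either answer: a shell helper that creates the key file with 0600 permissions from the start and a check the application's startup script can run to refuse a key file that is world- or group-readable or owned by the wrong account. It assumes GNU coreutils (`stat -c`); the path, owner name and key material are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils (stat -c).
# The key path and owner below are placeholders chosen for illustration.

# Create the key file with mode 0600 from the moment it exists, so there is no
# window in which a more permissive copy sits on disk. $1 = path, $2 = key.
create_key_file() {
    path="$1"
    key="$2"
    (
        umask 077                      # new files are created 0600 in this subshell
        printf '%s' "$key" > "$path"
    )
    chmod 0600 "$path"                 # also fixes a pre-existing file with looser mode
}

# Verify that a key file is a regular file, mode 0600, and owned by the expected
# account (e.g. the apache user). Returns 0 when all checks pass, 1 otherwise,
# so a startup script can abort before the app ever reads the key.
# $1 = path, $2 = expected owner (user name).
check_key_file() {
    path="$1"
    owner="$2"
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 1; }
    mode=$(stat -c '%a' "$path")
    [ "$mode" = "600" ] || { echo "mode $mode on $path, want 600" >&2; return 1; }
    actual=$(stat -c '%U' "$path")
    [ "$actual" = "$owner" ] || { echo "owner $actual on $path, want $owner" >&2; return 1; }
    return 0
}
```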