Hi Chip,

Interesting subject...

You seem to have chosen (if I understand correctly) a good direction in your 
design : encrypt sensitive data (fields) with ENCRYPT BLOB I guess...

This is good, so event when looking at the datafile with an hex editor, a 
clever hacker won't be able to extract data.

It is not easy because the problem is that the data is not searchable, 
sortable... But it is a compromise.

Maybe it would be nice if 4D would have a transparent datafile level 
encrypted/decrypter. A bit like FileVault but at database level... There would 
be a speed penalty, but maybe one could choose field by field which data needs 
to be encrypted...

But then there is always the question of the keys... where do you store the 
keys and how do you protect them ? It would make the job more complicated, but 
not theoretically impossible.
Also, if you loose your keys, you just crypto locked your data.

The ideal solution is an HSM (piece of tempered proof $$$ hardware to store the 
keys), I have heard of them, but never seen one used. I have not idea if it 
could be used with 4D.

I have written systems where the keys are stored in a function. The function 
returns the base64 key in text... I used these keys to protect/encrypt 
passwords stored in text files. But again a skilled hacker could find the keys 
in your code I guess.
Definitely better than storing the keys in a plain text file name "key.txt" or 
password in a text file "credentials.txt"...

I rarely encrypt data in our databases (maybe not as critical as your case), 
but one thing I do, is that the backups are compressed and encrypted before 
being sent to another server.
I use 7z which has an AES 256 encryption option.
This way, if a backup file is compromised/stolen, the data is "safe". 

At the end of the day it is always cost/risk ratio. A compromise between the 
"value" of your data (and therefore the amount of effort a skilled hacked would 
throw at reading your data) against how much your client is willing to pay to 
protect the data...

It is important that you show that you have identified potential risks and you 
have prepared solutions.

Security also require you to be consistent. No point encrypting data if your 
user can export the same data in a file (because he will export the data in a 
text file and then your precious sensitive data will be on the loose).

In Europe we have RGPD which is trying to impose guidelines around data 
protection. It will be a long process... Some of it is good sense, some of it 
is not practical (but it makes some specialized lawyers rich along the way)...

Bruno LEGAY
A&C Consulting

**********************************************************************
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:[email protected]
**********************************************************************

Reply via email to