Michael,
thanks, this is exactly what I was looking for. I gave your white
paper a brief read (only because I am working on another project this
morning), and it looks to be incredibly helpful.
Encryption is a seriously important issue (especially with all the
mistakes we have been hearing about concerning Database data files
leaving companies on laptops and mysteriously becoming public
domain). The sensitive data must be encrypted but still be useful
enough to serve its function in a relational DB context.
I will reply later with comments/questions.
Thanks again,
Joe
On Feb 6, 2009, at 9:35 AM, Michael Gentry wrote:
Joe, something I've explored doing (wrote a little paper on it, but never
implemented it) was to have a pair of values for sensitive fields. One is
the encrypted value (socialSecurityNumber) and the other is a version
(socialSecurityNumberVersion). The version field maps to different keys
used to encrypt the main field. This allows for the keys to be changed (due
to an employee leaving or perhaps you have a 3 month mandate for key
changes) while still allowing you to read the old values. The key file
should be kept on the disk and protected by Unix file permissions so others
can't read it easily.
I'm not sure if I made sense, but if you'd like, I can dig up my little
paper to send you (it might be more helpful). Just tell me the formats you
can read (right now it is a Google Doc).
mrg
On Thu, Feb 5, 2009 at 11:01 PM, Joe Baldwin <[email protected]> wrote:
These are all good points. I can do it either way as far as the business
rules go. I was just looking for some suggestions as to best practices.
The downside to using the database-managed encryption is that it makes the
Cayenne code pretty messy (unless of course that I have missed some
Utility/Convenience method that deals with applying MySQL functions to
fetched data).
I can brute-force this, as I mentioned earlier, by making the conversions
via Cayenne select queries and the #result directives pattern. My
implementation turned out to be kind of messy and so I was thinking there
has to be a better way.
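
The value-plus-version scheme from Michael Gentry's message above, sketched as an added example; it is not code from his paper, this thread, or Cayenne. The AES-GCM cipher, the `version=base64key` key file layout, and the class and method names are assumptions, and the permission check assumes a POSIX filesystem.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
public class VersionedFieldCipher {
    private final Map<Integer, SecretKeySpec> keys = new HashMap<>();
    // Assumed key file format: one "version=base64(AES key)" entry per line.
    VersionedFieldCipher(Path keyFile) throws Exception {
        Set<PosixFilePermission> ownerOnly = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        if (!ownerOnly.containsAll(Files.getPosixFilePermissions(keyFile))) throw new SecurityException("key file is accessible beyond its owner");
        for (String line : Files.readAllLines(keyFile)) {
            String[] kv = line.split("=", 2); // limit 2 keeps base64 '=' padding in the key part
            keys.put(Integer.valueOf(kv[0]), new SecretKeySpec(Base64.getDecoder().decode(kv[1]), "AES"));
        }
    }
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }
    private byte[] run(int mode, int version, byte[] iv, byte[] in, int off, int len) throws Exception {
        SecretKeySpec key = Objects.requireNonNull(keys.get(version), "no key for version " + version);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        c.updateAAD(ByteBuffer.allocate(4).putInt(version).array()); // ties the value to its version column
        return c.doFinal(in, off, len);
    }
    // Returns iv || ciphertext+tag for the encrypted column; 'version' goes in its companion column.
    byte[] encrypt(int version, String plain) throws Exception {
        byte[] iv = random(12), pt = plain.getBytes(StandardCharsets.UTF_8);
        byte[] ct = run(Cipher.ENCRYPT_MODE, version, iv, pt, 0, pt.length);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }
    String decrypt(int version, byte[] stored) throws Exception {
        return new String(run(Cipher.DECRYPT_MODE, version, Arrays.copyOf(stored, 12), stored, 12, stored.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("field-keys", ".txt"); // constructed demo key file, throwaway keys
        Files.setPosixFilePermissions(f, EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
        Base64.Encoder b64 = Base64.getEncoder();
        Files.write(f, List.of("1=" + b64.encodeToString(random(32)), "2=" + b64.encodeToString(random(32))));
        VersionedFieldCipher vc = new VersionedFieldCipher(f);
        byte[] oldRow = vc.encrypt(1, "000-00-0000");   // constructed value, written under key version 1
        String ssn = vc.decrypt(1, oldRow);             // old rows stay readable after key 2 is introduced
        byte[] newRow = vc.encrypt(2, ssn);             // rotation: re-encrypt and store version 2
        System.out.println(ssn.equals(vc.decrypt(2, newRow)));
        Files.delete(f);
    }
}
```

Because the version is passed as GCM associated data, a row whose version column is changed to point at a different key fails authentication on decrypt instead of returning garbage.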