Hi Harry,

On 21 November 2017 at 01:51, harry mead <[email protected]> wrote:

> is all the data automatically encrypted on Apache ofBiz, or is there a
> process to ensure that we have fulfilled all of the GDPR requirements and
> the law.
>

"automatically encrypted" applies to several different facets of an application. For example, you would use TLS to encrypt data in transit from a browser.

One security risk is that someone with basic file read permissions can dump the contents of a data file used by a DBMS with software other than the DBMS, and extract sensitive information like credit card numbers.

Some databases have the option of transparently encrypting all data "at rest", sometimes known as Transparent Data Encryption (TDE), which eliminates that risk. It's "transparent" in the sense that the data is encrypted while at rest in a data file, without you doing anything different in your application or your queries. TDE will add some processing overhead and will mean your data does not compress well.

MariaDB can do this (https://mariadb.com/kb/en/library/data-at-rest-encryption/), as can Oracle and Microsoft SQL Server. I'm no Postgres expert, but from what I've seen I think you need to call encryption functions as you store data, so it's not transparent.

Cheers

Paul Foxworthy

--
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Australia

Phone: +61 3 9585 6788
Web: http://www.coherentsoftware.com.au/
Email: [email protected]
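The non-transparent approach mentioned above for Postgres, sketched as an added example that is not part of the original message or of OFBiz. It assumes the pgcrypto extension is installed; the table, the column names and the key placeholder are hypothetical.

```sql
-- Added example: application-invoked column encryption in PostgreSQL (pgcrypto).
-- Table, columns and the key placeholder are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE payment_method (
    payment_method_id integer PRIMARY KEY,
    card_holder       text  NOT NULL,
    card_number_enc   bytea NOT NULL   -- ciphertext only, never the plain number
);

-- Write path: the application has to call the encryption function itself.
-- 4111111111111111 is a standard test card number, used here as constructed data.
INSERT INTO payment_method (payment_method_id, card_holder, card_number_enc)
VALUES (
    1,
    'Test Holder',
    pgp_sym_encrypt('4111111111111111', '<KEY-FROM-SECRET-STORE>', 'cipher-algo=aes256')
);

-- A query that does not call the decryption function sees only ciphertext,
-- and so does anyone reading the underlying data file or a backup of it.
SELECT payment_method_id,
       card_holder,
       encode(card_number_enc, 'hex') AS stored_bytes
FROM payment_method;

-- Read path: every query that needs the value has to decrypt explicitly.
SELECT payment_method_id,
       pgp_sym_decrypt(card_number_enc, '<KEY-FROM-SECRET-STORE>') AS card_number
FROM payment_method
WHERE payment_method_id = 1;

-- What changes compared with TDE:
--  * card_holder and any other unwrapped column stay readable in the data file
--  * the encrypted column cannot be searched or indexed by its plaintext value
--  * the key travels to the server with the statement, so pass it as a bind
--    parameter and check that statement logging does not capture it
```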
