On 21/11/2017 at 04:02, Paul Foxworthy wrote:
Hi Harry,

On 21 November 2017 at 01:51, harry mead <[email protected]> wrote:


> Is all the data automatically encrypted on Apache OFBiz, or is there a
> process to ensure that we have fulfilled all of the GDPR requirements and
> the law?

"automatically encrypted" applies to several different facets of an
application. For example, you would use TLS to encrypt data in transit from
a browser.

One security risk is that someone with basic file read permissions can dump
the contents of a data file used by a DBMS with software other than the
DBMS, and extract sensitive information like credit card numbers. Some
databases have the option of transparently encrypting all data "at rest",
sometimes known as Transparent Data Encryption (TDE), which eliminates that
risk. It's "transparent" in the sense that the data is encrypted while at
rest in a data file, without you doing anything different in your
application or your queries. TDE will add some processing overhead and will
mean your data does not compress well.

MariaDB can do this (
https://mariadb.com/kb/en/library/data-at-rest-encryption/), as can Oracle
and Microsoft SQL Server. I'm no Postgres expert, but from what I've seen I
think you need to call encryption functions as you store data, so it's not
transparent.

Cheers

Paul Foxworthy

Also you can encrypt data using encrypt="true" for a field

Have a look at
    <entity entity-name="CreditCard"
and
    <field name="cardNumber" type="credit-card-number" encrypt="true"></field>

HTH

Jacques
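
An added example, not part of the thread and not OFBiz code: a check a defender can run over a copy of a database data file to confirm that at-rest or field-level encryption is in effect, by looking for Luhn-valid digit runs of card-number length in the raw bytes. The sample rows and the names `luhn_ok` and `find_plaintext_pans` are constructed for illustration.

```python
import re

# Runs of 13-19 ASCII digits: the length range of payment card numbers.
DIGIT_RUN = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_plaintext_pans(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, masked number) for each Luhn-valid digit run in raw bytes."""
    hits = []
    for m in DIGIT_RUN.finditer(blob):
        digits = m.group().decode("ascii")
        if luhn_ok(digits):
            # Report only first 6 / last 4 so the audit log holds no full number.
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            hits.append((m.start(), masked))
    return hits

# Constructed sample: one row as it might sit in a DBMS data file (not real data).
TEST_PAN = b"4111111111111111"  # widely published test card number
PREFIX = b"\x00\x12pm_10000\x00"
SUFFIX = b"\x00ord=1234567890123456\x00"  # 16 digits, but fails the Luhn check
ROW_PLAIN = PREFIX + TEST_PAN + SUFFIX
# Same row with the card number replaced by opaque bytes, standing in for what
# TDE or an encrypt="true" field leaves on disk (constructed, not real ciphertext).
ROW_ENCRYPTED = PREFIX + bytes.fromhex("8e5fa2c7d1b4e09a6c3f7b12d8a4e6f0") + SUFFIX

if __name__ == "__main__":
    print("plaintext row:", find_plaintext_pans(ROW_PLAIN))
    print("encrypted row:", find_plaintext_pans(ROW_ENCRYPTED))
```

Any hit on a data file, backup or export means card numbers are readable by anyone with file read permission on it.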
