Re: Encrypting Data...
From: Peter J. Holzer (hjp_at_wsr.ac.at)
Date: 01/21/04
- In reply to: Tim Howell: "Encrypting Data..."
Date: Wed, 21 Jan 2004 10:28:36 +0100 To: dbi-users@perl.org
On 2004-01-20 17:08:03 -0800, Tim Howell wrote:
> This question isn't strictly DBI, but I wasn't sure where to ask. Is
> there a preferred way to encrypt data stored in a database? I'm
> developing an application that has higher security requirements than
> what I've done in the past and I want to make sure the data is safe.
> I know that MySQL has an AES encrypt function, and I know about the
> Crypt:: modules, but I'm not sure what is typically used as a key (eg,
> when multiple users need to see the same data), etc.
If multiple users have to access the same data, you have two
possibilities:
* Store the key(s) in the database.
  That's not good: Anybody who has access to the database also has
  access to the keys, and hence to the encrypted data - so why encrypt
  at all?
* Give the key(s) to the users who need to access the data.
  Not good either: Whenever someone leaves the company, you have to
  choose new keys, reencrypt all the data, distribute the new keys ...
But you can combine these methods:
Choose random keys. For each user, encrypt the keys with a password
chosen by the user. Store the encrypted keys. When a user needs to
access some data, use his password to decrypt the keys and then decrypt
the data.
An attacker then needs access to the database plus a user's password to
access the data. But note that he needs the password only once to
decrypt the keys. If the password is changed later, he still has access.
Therefore you should make sure that users do not have direct access to
their encrypted keys. To revoke a user's privileges, simply remove his
encrypted keys.
More elaborate schemes are possible, but you cannot be 100% safe against
an attacker who has complete access to the database and the
application (I think - I would like to be proven wrong).
hp
--
   _  | Peter J. Holzer     | Shooting the users in the foot is bad.
|_|_) | Sysadmin WSR / LUGA | Giving them a gun isn't.
| |   | hjp@wsr.ac.at       |    -- Gordon Schumacher,
__/   | http://www.hjp.at/  |       mozilla bug #84128
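The combined scheme described in this message (one random data key, wrapped once per user under a key derived from that user's password, revoked by deleting the wrapped copy), written in Ruby as an added example that is not part of the original post. The `table` hash stands in for a database table; the function names, the choice of AES-256-GCM and PBKDF2, the iteration count, and binding the user name as associated data are all assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 200_000 # PBKDF2 work factor (assumed value; tune for your hardware)

# Derive a key-encryption key (KEK) from the user's password and a per-user salt.
def derive_kek(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: 'sha256')
end

# AES-256-GCM encrypt; returns the values a database row would hold.
def seal(key, plaintext, aad = '')
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = aad
  ct = c.update(plaintext) + c.final
  { iv: iv, tag: c.auth_tag, ct: ct }
end

# Decrypt and verify; returns nil on a wrong key or a tampered row.
def unseal(key, box, aad = '')
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = box[:iv]
  d.auth_tag = box[:tag]
  d.auth_data = aad
  d.update(box[:ct]) + d.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Wrap the shared data key for one user (also used for a password change).
def enroll(table, user, password, data_key)
  salt = SecureRandom.random_bytes(16)
  table[user] = { salt: salt, box: seal(derive_kek(password, salt), data_key, user) }
end

# Recover the data key; nil if the user is revoked or the password is wrong.
def unlock(table, user, password)
  row = table[user] or return nil
  unseal(derive_kek(password, row[:salt]), row[:box], user)
end

def revoke(table, user) # deleting the wrapped copy is the whole revocation
  table.delete(user)
end
```

A copy of a user's row taken before a password change or revocation still unwraps with the old password, which is why the message says users should not have direct access to their encrypted keys.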