All geek questions in one place

A secure application architecture that encrypts data in a database

I need to create an application that protects some data in the database from a root attack. This means that even if the aggressor takes control of the machine on which the data is stored, or on the machine with the application server, he cannot read some data important for business from the database. This is a customer requirement. I'm going to encrypt data using some asymmetric algorithm, and I need good ideas, where to store secret keys to ensure data security, as well as the convenience of using the application was quite comfortable? For simplicity, we can assume that only one key pair is used.

+4
source share
4 answers

I'm not sure about the database options, but take a look at Oracle Advanced Security (OAS). But the key is not stored in the database, and in the Oracle code (managed OS), as far as I can see, it is difficult to compromise.

OAS supports encryption at the table space and column level. All this, he claims, does without overhead.

+1
source

This is a customer requirement.

Customer requirements must be projected into the real world.

If your application can read some business data, and if the aggregator takes control of your application, then the aggressor can read this business data.

Asymmetric cryptography will not do magic.

+8
source

The place to store the private key is located at the client and is decrypted only on the client. Data should not be decrypted, read or transmitted through the server in unencrypted form.

+3
source

Look at the question , especially the resources mentioned in the original question.

I can approve the book as an excellent overview of the problems in creating such systems.

+1
source

Source: https://habr.com/ru/post/1307145/

More articles:


All Articles