SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,117
    Mentioned
    28 Post(s)
    Tagged
    2 Thread(s)

    securing numeric types

    Text fields can be encrypted, but what's best practice in securing numeric types if you want to be able to use functions like average etc.. ?

    Thanks

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    AVG(AES_DECRYPT(column, 'key')) ?

    Do you really need to encrypt the individual values in a database?

    I have never heard of someone encrypting the values of every column in a table.

  3. #3
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,117
    Mentioned
    28 Post(s)
    Tagged
    2 Thread(s)
    Interesting, I imagine it would have a huge performance problem as it would need to decrypt all the data before running the average but that's understandable.

    Do you really need to encrypt the individual values in a database?
    I have never heard of someone encrypting the values of every column in a table.
    Not every column, certain data that is considered too sensitive - passwords, and certain numeric fields like scores that are very valuable to the client.
    There's two main reasons:
    So that developers internally don't have access to the clients sensitive data.
    If security is breached and someone has access to the data they can't make sense of it.

    Thanks,

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Maybe you could just encrypt the user identifier and password, so that someone looking at the database (internally or a hacker) has no idea who the numbers go with.

  5. #5
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,117
    Mentioned
    28 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by Dan Grossman View Post
    Maybe you could just encrypt the user identifier and password, so that someone looking at the database (internally or a hacker) has no idea who the numbers go with.
    You would probably need to encrypt about 50 times the information if you try and hide who the data belongs to.
    I'm assuming it's easiest to only encrypt the sensitive data.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •