Encrypting data in a database
-
Hey all,

I'm looking to store sensitive data in an Oracle database. Oracle has some neat encryption features that allow you to send a key for decryption purposes. The application ties into Active Record for authentication and permission management. I'm trying to come up with a way to store individuals' personal records in such a way that they are accessible to others (using groups / permissions) but are not kept in plain text. How do you encrypt something that is capable of decryption (DES3 or AES) while not storing the decryption key somewhere accessible to a developer or DBA? Leaving a certificate in the development tree isn't an option either because of the nature of the company (no real passwords in source control). Any thoughts?

Best,
Jon Lebensold
-
Have you come up with any solution to this?
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Well, the project is on hold, but here's what I've come up with so far:

You store a plaintext string (i.e. "helloworld" in the web.config). You then set up IIS so that the application doesn't recycle memory. You store a general decryption key in AppState of the application (essentially keeping the key only in memory). You use the decryption key to take your plaintext string and encrypt it (so "helloworld" becomes whatever your AES encryption turns it into, with or without a salt), and then you take THAT and place it into the web.config. This way, the actual key isn't stored on the server, the config files or in the database.

I do know, however, that Microsoft has a tool for encrypting parts of your web.config, but I haven't looked into it (and only discovered it after the architecture I had just proposed).

When the application first loads, it checks to see if the key in AppState can encrypt "helloworld" to match the encrypted string in the web.config. In terms of assigning permissions to different users, you could use this same key to encrypt all the strings in the database, including a 1-many mapping of passwords to users with permission to see them.

Let me know if you come up with anything better!
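The start-up key check described in the post above, sketched in C# as an added example that is not part of the original thread or the poster's code. The class and method names are hypothetical. It assumes AES-CBC with a random IV stored in front of the ciphertext, so the check decrypts the stored value rather than re-encrypting "helloworld".

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; KeyCheck, MakeCheckValue and KeyMatches are hypothetical names.
static class KeyCheck
{
    const string Known = "helloworld";  // known plaintext from the post
    // Run once by the key holder; the Base64 result is what goes into web.config.
    public static string MakeCheckValue(byte[] key)
    {
        using (var aes = Aes.Create())  // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV();           // assumption: random IV stored before the ciphertext
            byte[] pt = Encoding.UTF8.GetBytes(Known);
            using (var enc = aes.CreateEncryptor())
                return Convert.ToBase64String(
                    aes.IV.Concat(enc.TransformFinalBlock(pt, 0, pt.Length)).ToArray());
        }
    }

    // Run at application start against the key that was loaded into memory.
    public static bool KeyMatches(byte[] candidateKey, string checkValue)
    {
        byte[] blob = Convert.FromBase64String(checkValue);
        if (blob.Length < 32) return false;  // 16-byte IV plus at least one block
        try
        {
            using (var aes = Aes.Create())
            {
                aes.Key = candidateKey;
                aes.IV = blob.Take(16).ToArray();
                using (var dec = aes.CreateDecryptor())
                    return Encoding.UTF8.GetString(
                        dec.TransformFinalBlock(blob, 16, blob.Length - 16)) == Known;
            }
        }
        catch (CryptographicException) { return false; }  // wrong key usually fails the padding check
    }
    static void Main()
    {
        byte[] key = new byte[32], wrong = new byte[32];  // constructed sample keys
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(wrong); }
        string stored = MakeCheckValue(key);
        Console.WriteLine("{0} {1}", KeyMatches(key, stored), KeyMatches(wrong, stored));
    }
}
```

The check value lets anyone who can read web.config test key guesses offline, so the key has to be randomly generated rather than derived from a password.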