I want to encrypt serialised customer details and store in a database to protect
Question
I want to encrypt serialised customer details and store them in a database to protect against attacks where the attacker has access to the raw database records. The records then need to be accessible by multiple logged-in users, but do not need to be indexed or searched.
The naive approach would be to use a system-wide key for symmetrical encryption using AES or similar; however, I'm not sure that this is any more secure than no encryption at all.
Is it generally safe to say that raw DB access is more of a threat than source code access? Assuming so (which I believe to be the case in my situation), is there a better approach that I can use than one system-wide key?
Thanks
Explanation / Answer
The problem with direct access to the database is that users can extract large amounts of data, e.g. SELECT * FROM TableName.
If you encrypt data in the database using transparent encryption, the users with access to the data see the encryption transparently or, in other words, they see clear text data. Even if they see encrypted data, they may have a view configured to see such data in the clear.
You could consider encrypting the data at the application layer. This means the data would be encrypted within the database, so DBAs would only see encrypted data. The application can then decrypt and publish data depending on user privileges. This could be tuned so end users only see single pieces of data at a time rather than lists or volumes, and logging could be enabled so you can identify who has accessed what data.
Then you need to consider how your key management is implemented so the encryption key used by the application is not stored somewhere in clear text and is not available to any user. AES with a bit length of 128 or greater is a perfectly reasonable symmetric key to use.
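The application-layer approach described in the answer above, extended here to envelope encryption (a fresh key per record, wrapped under a master key) as one alternative to encrypting everything directly with a single system-wide key. This is an added example in Ruby, not code from the original post; the function names, row layout and record ids are hypothetical, and the master key is assumed to be supplied from a secret store outside the database.

```ruby
require 'openssl'

# AES-256-GCM. Layout: 12-byte nonce || ciphertext || 16-byte tag.
# aad (here the record id) is authenticated but not stored in the output.
def seal(key, plaintext, aad)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv # fresh random nonce on every call
  c.auth_data = aad
  nonce + c.update(plaintext) + c.final + c.auth_tag
end

# Raises OpenSSL::Cipher::CipherError on a wrong key, wrong aad or altered bytes.
def unseal(key, sealed, aad)
  raise ArgumentError, 'sealed value too short' if sealed.bytesize <= 28
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = sealed.byteslice(0, 12)
  d.auth_tag = sealed.byteslice(-16, 16)
  d.auth_data = aad
  d.update(sealed.byteslice(12...-16)) + d.final
end

# Returns the row as stored (hypothetical schema): ciphertext only.
# master_key is assumed to come from a secret store outside the database.
def encrypt_record(master_key, id, details)
  data_key = OpenSSL::Random.random_bytes(32) # one key per record
  { id: id,
    wrapped_key: seal(master_key, data_key, id), # data key under master key
    blob: seal(data_key, details, id) }          # details under data key
end

def decrypt_record(master_key, row)
  data_key = unseal(master_key, row[:wrapped_key], row[:id])
  unseal(data_key, row[:blob], row[:id])
end

# Rotating the master key rewraps each small data key; blobs are untouched.
def rotate_master(old_master, new_master, row)
  data_key = unseal(old_master, row[:wrapped_key], row[:id])
  row.merge(wrapped_key: seal(new_master, data_key, row[:id]))
end

if __FILE__ == $PROGRAM_NAME
  master = OpenSSL::Random.random_bytes(32) # constructed demo key
  row = encrypt_record(master, 'cust-1001', '{"name":"Ada Example"}')
  puts decrypt_record(master, row)
end
```

Because the record id is bound as associated data, ciphertext copied from one row into another fails authentication instead of decrypting under the wrong customer.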