And don't forget the network traffic between the server and the DB. Which can be encrypted using MS encryption libraries for a ... ahem ... small fee.
-Mark Mark A. Kruger, MCSE, CFG (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Friday, April 01, 2011 10:10 AM To: cf-talk Subject: Re: Data Encryption > purely regulations of medical authorities! If your goal is simply to be able to say that data is encrypted, you could simply store the database files on an encrypting filesystem of some sort. But that wouldn't really prevent people from reading them assuming those people didn't just steal the hard drive from the computer. If your goal is to prevent people from accessing the database directly, that's less a matter of encryption and more of limiting access to ports, using logins, etc. If your goal is to prevent people from accessing the database maliciously from your web application, then you typically have to (a) use PKI and (b) limit what you can do with the key that your application will presumably possess. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343463 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm