Interesting approach. Wouldn't you have to encrypt and decrypt that data on the client only? Otherwise those sysadmins can see it in process memory. If the data is ever swapped to disk, it is exposed that way too.
Then there is the network. I presume you would use SSL, but if those encrypted packets contain important plaintext data, that sounds like a very strong incentive for someone to capture packets and work on cracking the SSL encryption. It sounds like they might get your shared secret too, which might be useful if the same shared key turns up in multiple applications. Also, aren't those RDBMs products using triggers and views to implement the feature? If so, a DBA with appropriate permissions can subvert the system. For example, one could substitute a trigger that also copies the plaintext data to a second location, for later perusal. So I think I prefer storage-level encryption, but if I had to do field-level I would do the encryption on the client and never even tell the server about it. -- Mike On 23 Apr 2012, at 11:50 , Florentine, George wrote: > Hey, Jason. You're right in that folks that care about encryption sometimes > provide that capability in file storage. We see that with some of the > customers we're working with. The problem with that approach is that from a > threat assessment perspective, you've still got a fair amount of exposure to > who can access the data if you put the encryption in the file system, > specifically sysadmins that have access to the server that's hosting the xml > database or any piece of code that can access the database. To eliminate > those kinds of threats, folks in the relational database world have > introduced the notion of field level encryption into their products. It can > be a PITA, because it can introduce some tight coupling between your data and > your application (the app needs to provide some sort of secret or shared > secret in order to decrypt the data) but it does reduce the possible attack > points to your data. > > I'd be curious if other folks have seen interest in providing encryption > directly in ML. > > thx, > > g > > > George Florentine > > VP, Engineering > > +1 (303) 542-2173 | Office > +1 (303) 669-8628 | Cell > +1 (303) 544-0522 | Fax > > [email protected] > > http://www.flatironssolutions.com > > > > > > > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Jason Hunter > Sent: Monday, April 23, 2012 12:08 PM > To: MarkLogic Developer Discussion > Subject: Re: [MarkLogic Dev General] ML Data Encryption > > No, people who care about that use encrypted filesystems. > > -jh- > > On Apr 23, 2012, at 10:30 AM, Danny Sinang wrote: > >> Hello, >> >> I know ML compresses data when storing it on disk. >> >> But does it also encrypt it ? >> >> Regards, >> Danny >> >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
