Re: Any suggestions on encryption methodology?
On 6/23/08, Tye <[EMAIL PROTECTED]> wrote: > When the user hits submit, I want the SSN to be encrypted, stored in a > database (encrypted), read from a database (encrypted) by a secure, > authorized & authenticated connection, and decrypted somewhere along > the end of the line for appropriate viewing discretion. This is exactly what Thales's solutions could do for you... ### Time-to-time we had to implemented some encryption/decryption by ourself, but each solution has at least one crucial point and it is key management. Typically, we use key compound of two independand keys generated from passwords hold by two senior managers, which have to change their password regularly (e.g. 4 weeks) and simultaneously -> data has to be reencrypted once both password has been changed. And to reencrypt huge amount of data under single transaction - it is not an easy task - e.g. we fought with transaction log overflow etc... And another potential problem are SQL expressions referring encrypted data - to avoid full scan, you need encrypt a querying value before SQL command is executed to be able use indeces. Peter --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Any suggestions on encryption methodology?
Peter said: """ I don't know what kind of application you implement and how sensitive data actually are """ Let sensitive data = social security number, credit card info When the user hits submit, I want the SSN to be encrypted, stored in a database (encrypted), read from a database (encrypted) by a secure, authorized & authenticated connection, and decrypted somewhere along the end of the line for appropriate viewing discretion. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Any suggestions on encryption methodology?
On 6/23/08, Tye <[EMAIL PROTECTED]> wrote: > Say - for the sake of example - I'm accepting highly sensitive > financial data through a form over SSL. > > Staff members need to retrieve that information at a later time. > > Meanwhile, I want that data to be encrypted while it's sitting in the > database. What do you suggest? I don't know what kind of application you implement and how sensitive data actually are, but FYI, there are countries having strict enacts of point-to-point encryption e.g. in banking e.g. between SIM in your mobile phone as a client and AS400 as a banking host. No decryption/reencryption in the middle. AFAIK, *reliable* solution is *always* built on specialized HW, e.g. http://www.thales-esecurity.com/solutions/Database_protection.shtml HTH, Peter --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Any suggestions on encryption methodology?
Say - for the sake of example - I'm accepting highly sensitive financial data through a form over SSL. Staff members need to retrieve that information at a later time. Meanwhile, I want that data to be encrypted while it's sitting in the database. What do you suggest? Sent from my iPhone --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---