Well, what OS is on the machine that holds the database? If it is Windows
2000, you can use EFS, with the correct patches. This will encrypt and
decrypt on the fly. All you would need to do is specify which users will
have access to the file(s).
Or, you can set local NTFS permissions for this file. That is what we do in
our NT shop. Limit access to those that belong to a certain group, like
the SECADMINS or something like that.
Chris Lynch, MCSE CCNA
Network Engineer
NRT, Inc.
[EMAIL PROTECTED]
----- Original Message -----
From: "Joost De Cock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 1:25 AM
Subject: Decryption on the fly
>
> Hello all,
>
>
> in my company, we have a database that contains all passwords to servers,
> apps,... you name it.
> It sits on a network drive with very limited NTFS permissions, and it's
> encrypted (PHP).
>
> The way we do it now is this:
>
> We decrypt the database (it's only to be decrypted by the secadmins (3)
> private keys) we read it, and then we remove the decrypted copy.
> Needless to say that even secadmins forget to remove the decrypted copy every
> now and then.
>
> Is there a way to decrypt it on the fly, so that no copy is stored on the
> disk (I guess only in RAM) that provides the same possibility to limit
> access to certain private keys.
> Would that maybe involve writing an interface to do the job (eg a php page
> that can run a query on the database) or is there an off-the-shelf solution
> to this.
>
> I'd be pleased to hear your ideas about this.
>
> Kind regards,
>
> Joost De Cock
> ASTRID NV
> Security Administrator
>
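
One way to get the behaviour asked about in the original message (read an entry without leaving a decrypted copy on disk, with access limited to the three secadmin private keys), as an added example that is not part of either message. It assumes the OpenSSL command-line tool rather than the software used in the thread; the file names, admin names and the tab-separated database format are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: OpenSSL CLI, a tab-separated "entry<TAB>password"
# database, and hypothetical file names; all data below is constructed.

# make_admin NAME: self-signed certificate + private key for one secadmin.
# -nodes leaves the key unencrypted to keep the demo short; real keys should
# be passphrase-protected or held on a token.
make_admin() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# encrypt_db OUT CERT...: read plaintext from stdin and encrypt it once for
# every listed certificate, so any one matching private key can open it.
encrypt_db() {
    out=$1; shift
    openssl cms -encrypt -aes-256-cbc -binary -outform DER -out "$out" "$@"
}

# lookup ENTRY DB CERT KEY: decrypt into a pipe, print only the requested
# password. Plaintext exists in process memory and the pipe, never in a file.
# Exit status is non-zero if the key is not a recipient or the entry is absent.
lookup() {
    openssl cms -decrypt -inform DER -in "$2" -recip "$3" -inkey "$4" 2>/dev/null |
        awk -F'\t' -v e="$1" '{ sub(/\r$/, "") }
            $1 == e { print $2; found = 1 } END { exit !found }'
}

# demo: build three secadmin keys in a scratch directory, encrypt a constructed
# database from stdin, and read one entry back with the second admin's key.
demo() (
    cd "$(mktemp -d)" || exit 1
    for a in admin1 admin2 admin3; do make_admin "$a"; done
    printf 'fw01\tconstructed-pw-1\nmail01\tconstructed-pw-2\n' |
        encrypt_db passwords.cms admin1.crt admin2.crt admin3.crt
    lookup mail01 passwords.cms admin2.crt admin2.key
)

# Run the demo only when invoked as: sh script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```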