The classic response to the classic topic: if you can protect the
decryption key adequately, why not simply protect the password adequately?
Using encryption to enhance data security isn't a simple matter of
"turning it on" - you have to consider these sorts of issues or all
you'll be doing is giving yourself a false _sense_ of security while
remaining as vulnerable as ever.
One approach for key management is to keep the key on removable media
which are only inserted when the key is required. Naturally, this could
be done with a passwords property file as well. Would your DBA be
willing to be responsible for mounting a removable drive when a
key/password is required, and removing it when it is no longer required?
Do you have systems operators who could perform this duty?
Dominique Devienne wrote:
we would be interested in encrypting.
But then it's a chicken-and-egg problem, no?
Where are you going to store the passwords to decrypt the passwords
read from properties files? --DD
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
