Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Encryption inside database

Tags:

We would like to add additional layer of security to our database and we want to make sure that even if DB files will leak to public - noone will be able to reach the actual data inside it.

Additionaly we want to make sure that even if the encryption key will leak it will only allow to decrypt one or few rows, while others will still be inaccessible.

What are the best practices for doing that?

If it's important - we are using rails(5.1) + postgres(9.6) and our database is running in AWS RDS.

like image 959
Alex Keene Avatar asked Nov 26 '19 17:11

Alex Keene

People also ask

Can we encrypt data in database?

Like data, you can also encrypt the database. The database encryption process uses a specific algorithm to convert data into ciphertext. The main purpose of database encryption is to protect stored data. Therefore, if a hacker gets all the data, they won't be able to understand it.

What kind of encryption should be used within the database?

TDE Method: Transparent data encryption (TDE) executes encryption and decryption within the database engine itself. This method doesn't require code modification of the database or application and is easier for admins to manage.

What is encryption in DBMS?

Database encryption is the process of converting data, within a database, in plain text format into a meaningless cipher text by means of a suitable algorithm. Database decryption is converting the meaningless cipher text into the original information using keys generated by the encryption algorithms.

1 Answers

From the way your question is asked, you are simply not ready for this and heading for a world of pain if you try to tackle it. Again, applying a lot of inference, that you seem confused about where to start with this makes me think there are a lot of other security measures you have not put in place. Measures which might give you greater benefits for less cost and risk.

There are several different conventional models for applying encryption to data at rest. What you ask as additional requirements will require a tremendously complex application tier managing many, many encryption keys. Most experts would quake at the prospect of trying to implement this. Where are you going to store all the keys? What you've not asked is also very telling - what impact do you think opaque data has on query performance?

Yes, if your application sits in AWS there are different potential risks of direct file access than on a dedicated device - but you deal with that by using filesystem or block level encryption or the native capabilities of your DBMS (understanding what impact the latter has on your data access).

like image 103
symcbean Avatar answered Sep 29 '22 02:09

symcbean
Sign in to Comment

Related questions

Is there a way to specify the run loop & mode to to receive elements from a publisher
@ngrx/data - how can I extend a collection reducer / replace handling of the results of a data service call?
Loading executable or executing a library
Simulator vs Physical Device: NavigationLink broken after one use
Setting UITextField's textContentType to creditCardNumber overrides keyboardType setting?
ios Firebase Dynamic Link not opening installed app
How to save a ggplot2 graphic with the proper aspect ratio?
How can I unit test the getObject method of the AWS S3 SDK using Java?
Material Image List Error: @import "@material/feature-targeting/functions";
'React Hook useEffect has a missing dependency' warning with function
Will immutable objects with const parameters be optimized to be instantiated only once by the Kotlin compiler
Redirect with React Functional Components

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!