Database encryption or application level encryption?

前端 未结 4 1276
梦谈多话
梦谈多话 2021-02-05 21:33

When you need to store sensitive data such as CCs or SSNs, do you:

1) Build your own encryption routine within the application, define a secret key somewhere in a config

4条回答
  •  既然无缘
    2021-02-05 22:08

    When you encrypt sensitive data, you are essentially restricting access to those who have access to a key. The problem then becomes one of key management: ensuring only authorized people/systems have access to the key needed to decrypt the data.

    You should of course use a standard encryption algorithm, easy enough these days, but what you do need to think about is what threats you are protecting against, how you are going to control access to the key(s), and how you control physical access to the servers.

    Using TDE ensures that the contents of a database and its backups are encrypted, with minimal impact for authorized users of the database. So anyone who can access the database server with valid credentials will be able to see the unencrypted data. Also any DBA will usually have access to the key and be able to see the unencrypted data. But a third party who, say, gets hold of an offsite backup won't be able to access the data - which can be important for compliance with regulatory requirements.

    On the other hand, if you encrypt in the application tier, you can use a key that is only accessible by administrators of the application server. This potentially gives you more security, if, for example, database server and application server administrators are kept apart (e.g. members of different organizations). DBAs who don't have access to the application server key won't be able to see the data.

    In your original post, you talk about hiding a secret key in a configuration file on the application server. On the face of this, it sounds like the security equivalent of hiding the front door key under the doormat. If you do this, you need to think about how you will ensure that unauthorized people can't get access to the key.

提交回复
热议问题