WebApp Sec mailing list archives
RDB-based secure data storage
From: "Calum Power" <enune () fribble net>
Date: Thu, 13 May 2004 16:03:18 +1000 (EST)
G'day webappsec, I have been asked by my employer to design a system for storing sensative private data collected from the company's clients. They tell me that this data MUST be very secure, yet clients must be able to update the information themselves via a Web-based interface. My immediate reaction was to use something like GPG/PGP to encrypt the data before storing it in a RDBMS like MySQL. However this then has the additional problem of needing the user to edit the data. My next thought would be to have each clients 'username' be a public GPG key, and their 'password' be the passphrase to this private key. This of course would not be overly secure, and the 'administrator' of this would not be able to update the information without using the users' password. So, I was just wondering if anyone had come across the same problem. Perhaps there's a method of encryption that I'm overlooking. Cheers, Calum -- Calum Power Cultural Jammer Security Enthusiast Hopeless Cynic enune () fribble net http://www.fribble.net
Current thread:
- RDB-based secure data storage Calum Power (May 13)
- Re: RDB-based secure data storage Ivan Ristic (May 13)
- Re: RDB-based secure data storage Calum Power (May 14)
- Re: RDB-based secure data storage Ivan Ristic (May 14)
- Re: RDB-based secure data storage Calum Power (May 14)
- <Possible follow-ups>
- RE: RDB-based secure data storage Klevitsky, Alexander (May 13)
- RE: RDB-based secure data storage Michael Silk (May 14)
- RE: RDB-based secure data storage Runion Mark A FGA DOIM WEBMASTER(ctr) (May 14)
- Re: RDB-based secure data storage Ivan Ristic (May 13)