WebApp Sec mailing list archives
Re: Securing encrypted data in RAM vs MSSQL
From: George Capehart <gwc () acm org>
Date: Thu, 1 Jul 2004 17:06:08 -0400
On Wednesday 30 June 2004 20:51, Dave Andrews allegedly wrote:
Hello All, Is anyone aware of a way to store encrypted sensitive data in RAM for access via a web application using ASP? It would be posted in the same manner. Is storing in RAM preferable to using an encrypted database, in this case SQL 2000? Is there anyway to securely delete or timeout the data after a certain period of time? If you discard the data are there potential problems with California SB 1386 and being able to track intrusions and possible data compromise? I'm not a developer, but want a better solution than what the developers and client have proposed.
Dave, Answers to crypto questions are very seldom simple or short. You've asked some pretty open-ended questions for which there are many answers. Choosing from among them will be your real task. Before you do, I would urge you to at least skim _Practical_Cryptography_ by Niels Ferguson and Bruce Schneier (ISBN 0-471-22357-3). Doing crypto well is *very* hard. This book should help provide you with a context from within which to evaluate the answers you get. Best regards, George Capehart -- George W. Capehart Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA "With sufficient thrust, pigs fly just fine." -- RFC 1925
Current thread:
- Securing encrypted data in RAM vs MSSQL Dave Andrews (Jul 01)
- Re: Securing encrypted data in RAM vs MSSQL George Capehart (Jul 01)
- <Possible follow-ups>
- RE: Securing encrypted data in RAM vs MSSQL Stan Guzik (Jul 01)
- Re: Securing encrypted data in RAM vs MSSQL Toro, Daniel (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Bénoni MARTIN (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Yvan Boily (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Dean Saxe (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Bénoni MARTIN (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Mark Curphey (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Dave Andrews (Jul 01)
- RE: Securing encrypted data in RAM vs MSSQL Philip Wagenaar (Jul 02)
- Re: Securing encrypted data in RAM vs MSSQL Lucas Holt (Jul 06)
- RE: Securing encrypted data in RAM vs MSSQL Philip Wagenaar (Jul 02)
(Thread continues...)