WebApp Sec mailing list archives
"data at rest"
From: Eric Ilustrisimo <eric123 () gmail com>
Date: Tue, 30 Nov 2004 10:59:52 -0500
would anyone out there like to share what they are doing to secure data at rest? with more and more of our customers asking about it, we are exploring two solutions and probably will implement both - encrypting the database file on disk and encrypting sensitive data before inserting into the database.

i am interested in what others are doing with the latter. our issue is that the sensitive data is data that needs to be searched on and possibly displayed on the web. we are considering two approaches.

the first is storing both a one-way encryption/hash on the data to enable searching and a masked version of the original data for display (i.e. 12XXXXXX34). this way we never store the original data in the db. the drawback is that we can't recover the original data, which might be needed for other processing.

the second approach would be to store both a hash of the original data for searching and two-way encrypted data, which would allow us to decrypt the original data if needed, but will also be expensive (our app is high-volume) and we'll need to consider how to securely store the keys.

any input is appreciated...

thanks,
eric
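
The first approach in the post (a one-way search value plus a masked display value, with the original never stored), as an added example that is not part of the original post. It swaps the plain hash for a keyed HMAC-SHA-256, because an unkeyed hash of a short numeric identifier can be reversed by enumerating the value space. The table layout, function names and sample account numbers are constructed for illustration, and the key is assumed to be held outside the database.

```python
import hashlib
import hmac
import secrets
import sqlite3

def normalize(value: str) -> str:
    """Canonical form, so '1299-9999-34' and '1299999934' index identically."""
    return "".join(ch for ch in value if ch.isalnum()).upper()

def search_tag(key: bytes, value: str) -> str:
    """Deterministic keyed one-way tag, usable only for exact-match lookups."""
    return hmac.new(key, normalize(value).encode(), hashlib.sha256).hexdigest()

def mask(value: str, keep: int = 2) -> str:
    """Display form such as 12XXXXXX34; short values are masked entirely."""
    v = normalize(value)
    if len(v) <= 2 * keep:
        return "X" * len(v)
    return v[:keep] + "X" * (len(v) - 2 * keep) + v[-keep:]

def open_store() -> sqlite3.Connection:
    # Hypothetical schema: the plaintext account number has no column at all.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT,"
               " acct_tag TEXT NOT NULL, acct_masked TEXT NOT NULL)")
    db.execute("CREATE INDEX idx_acct_tag ON accounts (acct_tag)")
    return db

def insert_account(db, key: bytes, owner: str, acct: str) -> None:
    db.execute("INSERT INTO accounts (owner, acct_tag, acct_masked)"
               " VALUES (?, ?, ?)", (owner, search_tag(key, acct), mask(acct)))

def find_by_account(db, key: bytes, acct: str) -> list:
    # The search term is tagged with the same key, then matched via the index.
    cur = db.execute("SELECT owner, acct_masked FROM accounts"
                     " WHERE acct_tag = ?", (search_tag(key, acct),))
    return cur.fetchall()

def demo():
    # Assumption: in production the key comes from a store outside the DB.
    key = secrets.token_bytes(32)
    db = open_store()
    insert_account(db, key, "alice", "1299999934")  # constructed sample value
    insert_account(db, key, "bob", "5500000077")    # constructed sample value
    return db, key

if __name__ == "__main__":
    db, key = demo()
    print(find_by_account(db, key, "1299-9999-34"))
```

Because the tag is deterministic, equal values produce equal tags, so anyone who can read the table can still see which rows share an account number even without the key.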