Re: Cryptology in the database

There's no pre-built solution on CPAN because there are two possible cases:

You have a storage location that is more secure than your database
You don't have such a location

In case 1) you can just store the keys there, the rest is a SMOP (small matter of programming)

In case 2) you're lost anyway. Even if you obscure the keys in a very clever way, you'll still have code that reverses that process (otherwise you couldn't access the keys).

Now if somebody has access to your database, he will probably have access to your code as well, make a copy of it, and dump the keys after the deobfuscation.

So anything that is in the case 2) just gives a false sense of security, and is IMHO not worth considering.

Comment on Re: Cryptology in the database

Replies are listed 'Best First'.
Re^2: Cryptology in the database by andreas1234567 (Vicar) on Mar 31, 2008 at 19:04 UTC
there are two possible cases. I don't find it all black or white. Consider an application server with a symmetric key stored in plain text on disk, connected to a database server which performs symmetric encryption on the data. Although the protection against an online attacker having filesystem access on the application server is very poor, it will still protect well against offline attacks on lost or stolen database disks. -- Andreas	[reply]

Replies are listed 'Best First'.

Re^2: Cryptology in the database
by andreas1234567 (Vicar) on Mar 31, 2008 at 19:04 UTC

there are two possible cases.

--
Andreas

[reply]