| Subject | Does the database 'need' encryption? |
|---|---|
| Author | Lester Caine |
| Post date | 2010-11-07T17:47:52Z |
Just as a little sanity check here ...
I have a couple of situations where I am accessing the database over open
internet connections, or rather connections that I have control over.
In the first case, we can only gain access to the remote sites via an encrypted
VPN connection and the machines were are accessing are in a secure environment
which makes direct access virtually impossible. So I don't see a need to have
the data inside the database encrypted? What is going over the wire is already
secure?
The second case is access via a web interface. Again the database and web
servers are inside a secure environment, and so access is only via the web
pages, which are provided via https. So again should not need further encryption?
The situation of data being stored on a laptop or even a desktop machine and
lost may be a case for encrypting the data, but it has become common practice
NOT to allow the data to be retained on portable devices? With good quality
wireless/mobile connections, the relevant data can be displayed on a remote
machine, but it is simply stored in a secure environment, and all access TO the
data is logged and restricted as required?
So this does beg the question as to the need to spend a lot of time reinventing
the wheel, when in reality if the data is so sensitive as to need encryption,
then it is the paths to the data that need to be securely managed, rather than
simply the data itself?
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
I have a couple of situations where I am accessing the database over open
internet connections, or rather connections that I have control over.
In the first case, we can only gain access to the remote sites via an encrypted
VPN connection and the machines were are accessing are in a secure environment
which makes direct access virtually impossible. So I don't see a need to have
the data inside the database encrypted? What is going over the wire is already
secure?
The second case is access via a web interface. Again the database and web
servers are inside a secure environment, and so access is only via the web
pages, which are provided via https. So again should not need further encryption?
The situation of data being stored on a laptop or even a desktop machine and
lost may be a case for encrypting the data, but it has become common practice
NOT to allow the data to be retained on portable devices? With good quality
wireless/mobile connections, the relevant data can be displayed on a remote
machine, but it is simply stored in a secure environment, and all access TO the
data is logged and restricted as required?
So this does beg the question as to the need to spend a lot of time reinventing
the wheel, when in reality if the data is so sensitive as to need encryption,
then it is the paths to the data that need to be securely managed, rather than
simply the data itself?
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php