Subject | RE: [Firebird-Architect] Does the database 'need' encryption? |
---|---|
Author | Gary T. Benner |
Post date | 2010-11-07T19:29:45Z |
[Reply]
HI all,
To add to Lester's comment....
In open systems I've produced with "sensitive" data, I've placed the DB behind both an application front end, and a middle tier, ensuring that, for most practical purposes, the data in the DB itself is unreachable directly, and in normal use, only via the processes implemented in the application and middle tiers.
Management of the DB is via alternate network paths ( eg VPN on a separate IP number )
If data is that sensitive, I'd question placing it in any such location that it could be potentially attacked.
Having said that, I'm really enjoying the "battle of the titans" on this topic. I'm learning so much. Just wish the wolf would show some more love to our hardworking heLen.
kind regards
Gary
At 06:43 on 8/11/2010 you wrote
[Non-text portions of this message have been removed]
HI all,
To add to Lester's comment....
In open systems I've produced with "sensitive" data, I've placed the DB behind both an application front end, and a middle tier, ensuring that, for most practical purposes, the data in the DB itself is unreachable directly, and in normal use, only via the processes implemented in the application and middle tiers.
Management of the DB is via alternate network paths ( eg VPN on a separate IP number )
If data is that sensitive, I'd question placing it in any such location that it could be potentially attacked.
Having said that, I'm really enjoying the "battle of the titans" on this topic. I'm learning so much. Just wish the wolf would show some more love to our hardworking heLen.
kind regards
Gary
At 06:43 on 8/11/2010 you wrote
>Ref#: 41006
>
>Just as a little sanity check here ...
>
>I have a couple of situations where I am accessing the database over open >internet connections, or rather connections that I have control over.
>
>In the first case, we can only gain access to the remote sites via an encrypted >VPN connection and the machines were are accessing are in a secure environment >which makes direct access virtually impossible. So I don't see a need to have >the data inside the database encrypted? What is going over the wire is already >secure?
>
>The second case is access via a web interface. Again the database and web >servers are inside a secure environment, and so access is only via the web >pages, which are provided via https. So again should not need further encryption?
>
>The situation of data being stored on a laptop or even a desktop machine and >lost may be a case for encrypting the data, but it has become common practice >NOT to allow the data to be retained on portable devices? With good quality >wireless/mobile connections, the relevant data can be displayed on a remote >machine, but it is simply stored in a secure environment, and all access TO the >data is logged and restricted as required?
>
>So this does beg the question as to the need to spend a lot of time reinventing >the wheel, when in reality if the data is so sensitive as to need encryption, >then it is the paths to the data that need to be securely managed, rather than >simply the data itself?
>
>-- >Lester Caine - G8HFL
>-----------------------------
>Contact - http://lsces.co.uk/wiki/?page=contact
>L.S.Caine Electronic Services - http://lsces.co.uk
>EnquirySolve - http://enquirysolve.com/
>Model Engineers Digital Workshop - http://medw.co.uk//
>Firebird - http://www.firebirdsql.org/index.php
[Non-text portions of this message have been removed]