Security Basics mailing list archives

Re: Securing data from Database Admin


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 27 Mar 2008 23:48:50 +0100

On 2008-03-27 Ali, Saqib wrote:
> How about just encrypting the fields in the database? This way the
> application and application developers will have access to usable
> (i.e. decrypted) data whereas the Database Administrators will only
> see encrypted data but will still be able to perform their job
> (backup, restore etc).

And to actually work with the data you'd have to retrieve the contents
of entire tables from the database, decrypt them on the client and then
run your actual query on the now-local data. IOW you lose almost any
advantage a database gives you.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
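
The trade-off discussed in this message, as an added example that is not part of the original post: fields are encrypted in the application with a fresh nonce per value, so a `WHERE` clause evaluated by the database cannot match and the client has to fetch and decrypt every row. The HMAC-based keystream is a standard-library stand-in for a real cipher, and the table, column names and sample rows are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

KEY = os.urandom(32)  # assumption: held by the application only, never by the DBA

def _stream(nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in for a real cipher)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(text):
    data, nonce = text.encode(), os.urandom(16)  # fresh nonce for every value
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(nonce, len(data))))

def decrypt(blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(nonce, len(body)))).decode()

def build_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name BLOB, city BLOB)")
    db.executemany("INSERT INTO customers (name, city) VALUES (?, ?)",
                   [(encrypt(n), encrypt(c)) for n, c in rows])
    return db

def server_side_lookup(db, city):
    # The database can only compare stored ciphertext with a new ciphertext
    return db.execute("SELECT id FROM customers WHERE city = ?",
                      (encrypt(city),)).fetchall()

def client_side_lookup(db, city):
    # The application pulls every row, decrypts it, then filters locally
    hits, fetched = [], 0
    for _id, name, c in db.execute("SELECT id, name, city FROM customers ORDER BY id"):
        fetched += 1
        if decrypt(c) == city:
            hits.append(decrypt(name))
    return hits, fetched

# Constructed sample data
ROWS = [("Alice", "Berlin"), ("Bob", "Hamburg"), ("Carol", "Berlin"), ("Dave", "Munich")]

if __name__ == "__main__":
    db = build_db(ROWS)
    print("server-side WHERE on ciphertext:", server_side_lookup(db, "Berlin"))
    print("client-side filter (hits, rows fetched):", client_side_lookup(db, "Berlin"))
```

The number of rows fetched grows with the table, not with the number of matches, and the same holds for range filters, sorting and joins on the encrypted columns.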

