Firewall Wizards mailing list archives
DMZ databases
From: "Scott, Richard" <Richard.Scott () bestbuy com>
Date: Wed, 29 Mar 2000 06:51:50 -0600
Greetings all, I was wondering what forms of database security anyone out there is currently recommending for Customer held information in public databases. One example could be Social Security numbers, another would be Credit Cards information and so on. I have seen some solutions use the SQL encrypt/decrypting (e/d) of a stored procedure to access this information. However, in the even that the SQL box is compromised internally, this isn't affective. Using symmetric encryption is the problem. Where do we store the keys, and if we write a procedure to e/d the data., surely this could be executed by the person compromising the Database. Any thoughts, to how certain important information is stored in a DB? Cheers r. Richard Scott BestBuy.Com * Tel: 001-(612)-995-5432 * Fax: 001-(612)-947-2005 * Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries.
Current thread:
- DMZ databases Scott, Richard (Mar 29)