WebApp Sec mailing list archives
Securing data from the browser to the DB
From: Yousef Syed <yousef.syed () gmail com>
Date: Mon, 28 Nov 2005 10:13:53 +0000
Hi guys, I need to secure data from the browser all the way to the DB (Oracle 10g). At the moment we're setting "No Cache" and using HTTPS; then encrypting the data on the Webserver before transfering it across to the DB, where it will be Encrypted again. Now, I've been told that reports will be run on the DB by a separate tool that will not go via the Web Server or J2EE Application Server. Now, I don't see how we can encrypt on the Webserver if another reporting tool will access the DB, by passing our Encryption/Decryption code. Given this situation, what is the best way to go about securing the data and making it available to other systems? Thanx, ys -- Yousef Syed 'One senior official said the consultancy "doesn't have the greatest of reputations among civil servants. They come and state the bleeding obvious using Powerpoint".'
Current thread:
- Securing data from the browser to the DB Yousef Syed (Nov 28)
- Re: Securing data from the browser to the DB Eoin Keary (Nov 28)
- Re: Securing data from the browser to the DB Yousef Syed (Nov 28)
- Re: Securing data from the browser to the DB Joe Teff (Nov 29)
- Re: Securing data from the browser to the DB Eoin Keary (Nov 28)