Re: Securing data from the browser to the DB

[Yousef Syed <yousef.syed () gmail com>]

I suppose that limits me to the encryption algorithms that the
reporting tool will work with?
Will this solution work even where only selected data within the same
form is encrypted (some of which is to remain encrypted)?

thanx,
ys

On 28/11/05, Eoin Keary <eoinkeary () gmail com> wrote:
> you should be using a recognised encryption scheme not a home made one.
> then you can pass the key to the other application assuming is
> supports the encryption scheme you are using. You shouldnt need to
> pass "encryption code" only the key?
>
>
> On 28/11/05, Yousef Syed <yousef.syed () gmail com> wrote:
> > Hi guys,
> > I need to secure data from the browser all the way to the DB (Oracle 10g).
> > At the moment we're setting "No Cache" and using HTTPS; then
> > encrypting the data on the Webserver before transfering it across to
> > the DB, where it will be Encrypted again.
> >
> > Now, I've been told that reports will be run on the DB by a separate
> > tool that will not go via the Web Server or J2EE Application Server.
> > Now, I don't see how we can encrypt on the Webserver if another
> > reporting tool will access the DB, by passing our
> > Encryption/Decryption code.
> >
> > Given this situation, what is the best way to go about securing the
> > data and making it available to other systems?
> >
> > Thanx,
> > ys
> >
> >
> > --
> > Yousef Syed
> > 'One senior official said the consultancy "doesn't have the greatest
> > of reputations among civil servants. They come and state the bleeding
> > obvious using Powerpoint".'


--
Yousef Syed
"One senior official said the consultancy "doesn't have the greatest
of reputations among civil servants. They come and state the bleeding
obvious using Powerpoint"."