1. encrypting data in edb, revisited
- Posted by apeto1 Oct 08, 2011
- 1411 views
i believe i posted about this before here some time back. i needed to protect data in edb database, and ended up going with truecrypt.
problem is the application has grown, and there now have to be multiple databases on multiple partitions to implement access control. which is starting to become very problematic as many of the records need to be shared between multiple people and so are duplicated in more than one edb. also, some of the target systems are xp embedded, and truecrypt refuses to install here.
i need a secure reliable method to password protect individual records, so that they can be accessed by select departments but no others.
2. Re: encrypting data in edb, revisited
- Posted by DerekParnell (admin) Oct 08, 2011
- 1366 views
i needed to protect data in edb database, and ended up going with truecrypt.
... i need a secure reliable method to password protect individual records ...
Do you need to encrypt the DATA or just encrypt the PASSWORDS?
Data in an EDB database is already obscured so it is not easily readable by casual exploration.
Passwords should never really be stored anywhere, encrypted or not, on a system. Instead, a hash of the password plus userID is usually stored. This prevents even trusted system people from decrypting a password. And by combining a password with a userID before hashing makes sure that people with the same password still get different hash values. So to see when a person has entered the correct password, you simply make a hash of the entered password + userID and compare the resulting hash against the stored hash.
Another consideration for protecting the integrity of data base records is to implement record and table hashes. A record hash is just a hash of the complete record data appended to the record before saving any update to it. This prevents modifications to a record going undetected. Similarly, a table hash is a hash of all the record hashes so you can detect unauthorized record deletions and/or additions.
3. Re: encrypting data in edb, revisited
- Posted by apeto1 Oct 08, 2011
- 1326 views
the data. each record must be readable only to the set of departments that are authorised to read it (each departmend has its own password).the main concern is if the machine gets stolen or if a user wants to read data not allowed to then they should have no way to do so. right now this is done in seperate databases on seperate truecrypt partitions, which is really horrible solution. for one because the records must be access by more than one department and two because there are many database instead of just one to copy out to all users when master is updated (the copies are all read only).
4. Re: encrypting data in edb, revisited
- Posted by gbonvehi Oct 08, 2011
- 1319 views
You could encrypt/decrypt strings on write/read provided you don't search by them.
You could for example not encrypt category names, etc to let you do fast search and only crypt critical information. Of course it's an overhead.
Another way is to decrypt the file, use it and encrypt it again when closing the program.
http://rapideuphoria.com/cgi-bin/asearch.exu?dos=on&win=on&lnx=on&gen=on&keywords=crypt
Regards, Guillermo
5. Re: encrypting data in edb, revisited
- Posted by bill Oct 09, 2011
- 1285 views
Your first problem is EDB.
Your second problem is that encryption and read-only tables are not going to solve your problems without a lot of work. Encryption should be used to protect sensitive data not to control users.
What you need is:
- A server (preferably in a locked room).
- Records which partition by Department Group and Department.
- User department group, user department, and user ID.
- Views into the data which limit viewable records to those in the currently accessed department group.
It doesn't sound as if your data is correctly set up for this.
You really need a good relational database which provides views and constraints. Probably the best you can do at the moment is set up a server, create as many partitions as you need, put appropriate copies of the database on the partitions. Then each group has its own database.
Constraints you should meet:
- No record can be viewed by any user if it lacks an appropriate Department Group ID and Department ID.
- No user or admin can log in without providing a valid user name, user ID and Department.
- No user access to the database after hours or on the weekend (if this is appropriate).
- You should have logging set up so you can see who is connecting, how and when.
bj
6. Re: encrypting data in edb, revisited
- Posted by DerekParnell (admin) Oct 10, 2011
- 1230 views
i believe i posted about this before here some time back. i needed to protect data in edb database, and ended up going with truecrypt.
problem is the application has grown, and there now have to be multiple databases on multiple partitions to implement access control. which is starting to become very problematic as many of the records need to be shared between multiple people and so are duplicated in more than one edb. also, some of the target systems are xp embedded, and truecrypt refuses to install here.
i need a secure reliable method to password protect individual records, so that they can be accessed by select departments but no others.
Just a few questions to help me clarify the issues here.
Are you saying ...
- that each record in any given table can only be accessed by a specific set of people?
- that an individual can only access a specific set of records within any given table?
- that the data in the database should only be accessed via the application?
In other words, you must deny access to the entire database from people outside of the organization and control access to records (rather than whole tables) within the organization?
