Architecture of a secure application that encrypts data in the database Architecture of a secure application that encrypts data in the database database database

Architecture of a secure application that encrypts data in the database


java database architecture encryption cryptography

This is a customer's requirement.

Customer's requirements must be projected onto the real world.

If your application can read some business data, and if the aggresor takes control of your application, then the agressor can read that business data.

Assymetric cryptography won't do magic.

java database architecture encryption cryptography

The place to store the private key is with the client, and decrypt it only on the client. The data would need to be at no time decrypted, read or passed through the server in unencrypted form.

java database architecture encryption cryptography

I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.

OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last