Encrypt critical data in the database

0

Thinking about security, and minimizing problems if someone unauthorized can gain remote access to the database server, I thought about encrypting the critical data.

Critical (customer-defined) data examples:

  • Credit card number: string;
  • Credit card security code: integer;
  • Wages: currency;
  • Company name: string;
  • CPNJ: string;
  • Full name: string;
  • CPF: string;
  • Revenue values: currency;
  • Receipt dates: currency;

But it would not be viable if you lost features in the encrypted fields like:

  • order by CAMPO_CRIPTOGRAFADO
  • group by CAMPO_CRIPTOGRAFADO
  • where / having CAMP_CRIPTOGRAPHED like 'AB%'
  • where / having CAMP_CRIPTOGRAPHED between 50 and 56
  • where / having CAMP_CRIPTOGRAPH between '2016-01-01' and '2016-01-31'
  • where / having FILE_CRIPTOGRAPHY > 23
  • where / having FILE_CRIPTOGRAPHED < '2016-01-01'

Is there a relational database, preferably freeware , that supports field encryption without losing the above features?

    
asked by anonymous 08.10.2016 / 14:03

1 answer

4

First, follow what Lacobus says in the question comment.

One of the things you should do is encrypt the database as a whole. It is not a 100% secure solution, but it is the simplest to do and it will probably give you the best security you can get.

Once this is done, the access will be transparent. But if the server is compromised the information will not be secure. The only way to ensure that information is never accessed improperly is to ensure that it is not even properly done :) And worse, undue might one day happen with much effort and discovery that the technique used was not as good as imagined. The due form of access will probably not occur because no one will strive for it. That is, it is impossible to do what you want.

Essentially every database on the market allows you to do encryption in one way or another, even SQLite which is very simple to do with a little extra effort.

If you want to encrypt something specific just give it too.

Encryption works on persistence (in storage), a compromised server can be accessed at other points where the data is not encrypted, for example.

You could have end-to-end encryption, which would destroy the database function.

    
08.10.2016 / 15:56