database encryption questions

We are using Sybase SQL Anywhere 11. We need to encrypt some of the tables in our database. I followed the instructions and did it. We selected the "strong" option with encryptionKey and the AES256_FIPS algorithm. But there are some things I am not clear about.

  1. It will require the encryptionKey when we create the database, remove the database and start the database server, but it will NOT require the encryptionKey when we stop the database server and connect to the server to create tables and add data. Why is NO encryptionKey asked for when we connect to it or try to stop the server? Am I doing something wrong?

  2. I don't know how to test the encryption. I can still see all plain text in the encrypted tables when I use the Sybase Central tool. If somebody knows the database user name and password, he/she can connect to the database and read the content without the encryptionKey. Is this right?

Best answer

Most likely the SQL Anywhere tool captures the encryption key when you first enter it (i.e. at server startup) and then stores it in memory to decrypt for other operations. As @Adam Robinson said, the data needs to be encrypted in the filesystem or there's a back door by taking the "analog solution" and just parsing the raw file, which is a nice segue to your second question...

If you want to test the encryption, try locating and opening the file outside of the Sybase tools and see if you can spot any identifiable data. I would start with a simple text search for a string (create a cell with a unique string you can search for) and make sure it's not there in the encrypted file. To verify, you could also parse a non-encrypted version of the database and make sure that you can find the string there.
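The raw-file check described in the answer above, as an added example that is not part of the original answer: it searches a database file for a unique marker string in several encodings and treats the unencrypted copy as a control. The file names, the marker value, the encoding list and the XOR-scrambled stand-in for ciphertext are all assumptions constructed for the demonstration.

```python
import mmap
import os
import tempfile

# Encodings a database engine might use for character data on disk (assumption).
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")

def find_marker(path, marker):
    """Return {encoding: [byte offsets]} for each place the marker appears in the raw file."""
    hits = {}
    if os.path.getsize(path) == 0:
        return hits  # mmap cannot map an empty file
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        for enc in ENCODINGS:
            needle = marker.encode(enc)
            offsets, pos = [], mm.find(needle)
            while pos != -1:
                offsets.append(pos)
                pos = mm.find(needle, pos + 1)
            if offsets:
                hits[enc] = offsets
    return hits

def compare(plain_db, encrypted_db, marker):
    """Absence in the encrypted file only counts if the control file shows the marker."""
    if not find_marker(plain_db, marker):
        return "INCONCLUSIVE: marker not found in the unencrypted control file"
    leaked = find_marker(encrypted_db, marker)
    if leaked:
        return "FAIL: marker readable in encrypted file at %r" % leaked
    return "PASS: marker visible in control file only"

def build_sample_files(directory, marker):
    """Constructed stand-ins for the two .db files so the example runs offline."""
    plain = b"\xff" * 64 + marker.encode("utf-16-le") + b"\xff" * 64
    scrambled = bytes(b ^ 0x5A for b in plain)  # placeholder for ciphertext, not real encryption
    paths = []
    for name, data in (("plain.db", plain), ("encrypted.db", scrambled)):
        paths.append(os.path.join(directory, name))
        with open(paths[-1], "wb") as fh:
            fh.write(data)
    return paths

if __name__ == "__main__":
    marker = "ENCTEST-7f3a9c21-MARKER"  # constructed unique string, inserted into one row
    with tempfile.TemporaryDirectory() as tmp:
        plain_db, encrypted_db = build_sample_files(tmp, marker)
        print(find_marker(plain_db, marker))
        print(compare(plain_db, encrypted_db, marker))
```

For a real check, point `compare` at copies of the encrypted and unencrypted database files taken while the server is stopped.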

Answers

I can't speak specifically to Sybase's system, but database encryption in general is designed to encrypt at the file system level to prevent backdoor access to the database's data (i.e. reading the binary file and parsing it yourself rather than going through the RDBMS), not to prevent access or obfuscate data through the standard database interface (it's expected that you'll use your RDBMS's security mechanisms to do this).




