Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Where to keep encryption key , DB?

Re: Where to keep encryption key , DB?

From: Gilbert W. Pilz Jr. <gilbert.pilz_at_e2open.com>
Date: Tue, 16 Oct 2001 01:50:06 -0700
Message-ID: <MPG.16359497ef9d8196989688@west.usenetserver.com> 





In article <3bcbee48$0$225$ed9e5944_at_reading.news.pipex.net>, n-
litchfield_at_audit-commission.gov.uk says...


> <pelln_at_icke-reklam.ipsec.nu.invalid> wrote in message

> news:9qemfv$nqf$2_at_nyheter.crt.se...

> > In comp.security.misc NetComrade <andreyNSPAM_at_bookexchange.net> wrote:

> > > We are planning to store credit card #'s in our database..

> >

> <snip>

> > The better method is : Don't try to obfuscate credit card info. MOVE IT

> > to a safe server.

> >

> > If a machine is exposed to Internet ( or other security hazards) it's

> > unwize to have any sensitive information on-line.

> 

> 

> This raises the question of how on earth do you conduct online commerce. Is

> it just impossible? If you are using an RDBMS to drive your ecommerce site

> then it has to have a communications channel to the internet site, though of

> course that channel should be secure etc. Maybe this is a FAQ on

> comp.security.misc but it isn't on the Oracle NG.




The commonly accepted way of doing this is with two firewalls, a web 
server, an application server, and a database server. The web server 
sits in the DMZ where it is accessible to the public. Requests are 
routed from the web server to the app server where they are carried out 
by whatever you use to implement your business logic. Database reads and 
writes are performed by the app server code against the database server. 
If you think carefully about security (authenticate at the web server, 
authorize at the app server and database server, and configure your 
firewalls correctly (amazing how many people never do the last)) through 
all these layers you can put up a pretty good defense.



As for encrypting the information in the database; by all means do so. 
Use a modern algorithm (I.e. not DES). Do not, repeat DO NOT put the 
key/passphrase anywhere on any disk on any system. Program your app 
server to prompt for the key on startup (don't use the command line 
because something like of a 'ps -ef' will reveal the key). Program the 
whole system so that, periodically during maintenance windows, you can 
change keys and re-encrypt the entire database.



If you do at least this much it will be enough to send the idiots away 
in search of easier pickings. The smart and determined are another 
matter . . 
Received on Tue Oct 16 2001 - 03:50:06 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US