Technical References - DB encryption

Database Automatic Encryption (from WebDNA 8.5)

A database is transparently encrypted (using Government Grade AES) simply by including "_encrypted" in its name. The decrypted database never appears on disk; only the encrypted copy does. It is decrypted on the fly when the database is opened into RAM, and it resides unencrypted in the computer's RAM until it is written back to disk, at which point the older version is entirely overwritten.
Because the working copy lives in RAM, all operations (writing, reading, searching...) execute as fast as usual.

An example name would be "userbase_encrypted.db"

Security: there is no seed to rely on, because anyone who has access to the disk would also have access to the seed.



Encrypted databases can still use a .hdr file, but it has to be plain text. Alternatively, you can let WebDNA encrypt the header inside the .db file by running [addfields] on an empty "_encrypted.db" file.



To create an encrypted database



[writefile] alone won't work because it writes the file out unencrypted. If WebDNA tries to decrypt an encrypted .db file but is unable to, the file is treated as empty; WebDNA doesn't try to convert it.

The way to create encrypted databases is with [addfields]:

[writefile test_encrypted.db][/writefile]
[addfields db=test_encrypted.db]zip=98765&city=Washington[/addfields]
[append db=test_encrypted.db]zip=12345&city=Boston[/append]


Do a [flushdatabases] and the result on your hard drive will be a small file full of gibberish.

Writing out a 150 MB AES-encrypted database takes about 3 seconds. Most of that time is spent waiting on disk I/O.

You can use [spawn] to save these seconds:

[spawn][flushdatabases][/spawn]

or

[spawn][commitdatabase db=test_encrypted.db][/spawn]
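
Because [writefile] writes unencrypted, a file can carry the "_encrypted" name and still be readable on disk. The following audit script is an added example, not part of WebDNA or of the original page; it assumes that on-disk ciphertext is raw binary ("gibberish") and that an unencrypted database is tab-delimited text, and its threshold and function names are hypothetical.

```python
"""Audit WebDNA "_encrypted" databases: flag any that look like plaintext on disk."""
import sys
from pathlib import Path

# Assumption: on-disk ciphertext is raw binary, while an unencrypted WebDNA
# database is tab-delimited text. This is a heuristic, not a format parser.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
SAMPLE_BYTES = 64 * 1024   # enough to judge; avoids reading a 150 MB file whole
PLAINTEXT_RATIO = 0.95     # hypothetical threshold; uniform random bytes score ~0.38


def classify(path):
    """Return 'empty', 'plaintext' or 'opaque' for one database file."""
    with Path(path).open("rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    if not sample:
        # An empty file is the normal starting point before [addfields].
        return "empty"
    ratio = sum(b in PRINTABLE for b in sample) / len(sample)
    return "plaintext" if ratio >= PLAINTEXT_RATIO else "opaque"


def audit(root):
    """Classify every .db file under root whose name contains "_encrypted".

    The name match is case-insensitive on purpose, so the audit errs on the
    side of checking too many files rather than too few.
    """
    results = {}
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        if path.is_file() and name.endswith(".db") and "_encrypted" in name:
            results[str(path)] = classify(path)
    return results


def findings(results):
    """Files needing attention: readable on disk despite the _encrypted name."""
    return [p for p, verdict in results.items() if verdict == "plaintext"]


if __name__ == "__main__":
    report = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for db, verdict in report.items():
        print(f"{verdict:9}  {db}")
    sys.exit(1 if findings(report) else 0)
```

Run it against the database folder after a [flushdatabases]; a non-zero exit status means at least one "_encrypted" file is still readable text on disk.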
