Re: encrypted database

This WebDNA talk-list message is from 2004. It keeps the original formatting.
numero = 58684
interpreted = N
Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypted database (Brian Fries 2004)
  2. Re: encrypted database (Chris 2004)
  3. Re: encrypted database (Brian Fries 2004)
  4. encrypted database (Chris 2004)
  5. Re: Encrypted Databases (Tom Duke 2000)
  6. Re: Encrypted Databases (WebDNA Support 2000)
  7. Re: Encrypted Databases (Kenneth Grome 2000)
Thank you Brian for this explanation. The idea is to keep all data encrypted in the database, but without disallowing services like search, and without any easy-to-find "seed" in the templates: the customer idea is to protect his data if his server is stolen, which already happened.

What about keeping the database copy encrypted on disk and working on a decrypted RAM copy? Not sure if this is possible. If not, we'll encrypt only the sensitive part of the data, which does not need to be searchable.

As for hiding the seed, just found it on the WebDNA Programmer Guide, chapter 4 "encrypting template" with I guess an encrypted template could in turn contain [encrypt] tags.

chris

On Jun 28, 2004, at 19:11, Brian Fries wrote:

> You will need to double-url the encrypted values in your APPEND, and
> single-unurl them in your FOUNDITEMS. WebDNA performs a single unurl on
> the values being appended, so with the double-url you are left with a
> single-url'ed value written to the database, which will avoid
> dangerous characters being written out.
>
> [append db=SomeDatabase.db]name=[url][url][encrypt seed=abcdefg][name][/encrypt][/url][/url]&...[/append]
>
> [founditems]
> [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]...
> [/founditems]
>
> As for searching, you'd be pretty screwed. You cannot even search with
> an EQ on seed-encrypted values, as the same seed applied to the same
> value may result in a different encrypted value. If you encrypt
> without a seed, you will get a consistent encrypted value but it
> cannot be decrypted (this lets you compare encrypted passwords, for
> example, but not retrieve their original decrypted value).
>
> I don't know of any way to hide the seed from someone with access to
> the source code.
>
> - brian
>
> On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote:
>
>> Hello!
>> Is it safe to encrypt every single data loaded in a WebDNA
>> database (that may become quite large, +40 meg with time) using
>>
>> [Append db=SomeDatabase.db]name=[Encrypt seed=abcdefg][name][/Encrypt]&address=[Encrypt seed=abcdefg][address][/Encrypt][/Append]
>>
>> and is WebDNA still able to do some searching in the encrypted
>> database? What would be the proper way to search?
>>
>> [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt seed=abcdefg][name][/Encrypt]]
>> [FoundItems]
>> [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt seed=abcdefg][Address][/Decrypt]
>> [/FoundItems]
>> [/Search]
>>
>> Also, how to hide the "seed" in the templates in case the disk is
>> stolen? (requested by the customer)
>>
>> Thank you!
>> chris
>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
>
> Web Archive of this list is at: http://webdna.smithmicro.com/
> -------------------------------------------------------------

Christophe Billiottet
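The search problem discussed in this thread, as an added example that is not part of the original messages and is not WebDNA code: each field is stored under randomized encryption (so an EQ comparison on ciphertext fails), and a separate keyed one-way token column makes equality search possible. It is written in Python; the keys, the function names and the HMAC-based stream construction are assumptions standing in for a vetted authenticated cipher, and the sample records are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys. Real keys must live outside the templates and database files.
ENC_KEY = bytes.fromhex("11" * 32)   # field encryption key
IDX_KEY = bytes.fromhex("22" * 32)   # separate key for the search index

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, plaintext: str) -> bytes:
    # Fresh random nonce per call: the same value never encrypts the same way twice.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext.encode())
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def decrypt(key: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("ciphertext modified or wrong key")
    return _xor_stream(_prf(key, b"enc"), nonce, ct).decode()

def blind_index(key: bytes, value: str) -> str:
    # Keyed, deterministic and one-way: equal inputs give equal tokens.
    return _prf(key, value.strip().lower().encode()).hex()

def append(db: list, name: str, address: str) -> None:
    db.append({"name_idx": blind_index(IDX_KEY, name),
               "name": encrypt(ENC_KEY, name),
               "address": encrypt(ENC_KEY, address)})

def search_eq_name(db: list, name: str) -> list:
    wanted = blind_index(IDX_KEY, name)
    return [(decrypt(ENC_KEY, r["name"]), decrypt(ENC_KEY, r["address"]))
            for r in db if hmac.compare_digest(r["name_idx"], wanted)]
```

The index column is deterministic, so anyone holding the database file can see which rows share a name; that leak is the price of equality search, and substring or range search is still not possible.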
