Re: encrypted database

This WebDNA talk-list message is from

2004

It keeps the original formatting. numero = 58685
interpreted = N
texte = You could load all the records into a decrypted table then search that, but you would need to load the table every time a page is loaded that needs it. WebDNA has no provision for RAM data objects that persist between page hits other than its RAM cache of open databases, which are identical to their disk counterparts (i.e. encrypted in your case). If your databases are small, or only accessed infrequently, this could be done, but with any significant traffic and data volume the performance would take a big hit.As for encrypted templates, that may work for hiding the seed. I haven't done more than a little fooling around with encrypted templates, so I don't know.- brianOn Jun 28, 2004, at 4:49 PM, Christophe Billiottet wrote:> Thank you Brian for this explaination. The idea is to keep all data > encrypted in the database, but without disallowing services like > search, and without any easy-to-find "seed" in the templates: the > customer idea is to protect his data if his server is stolen, which > already happened.> What about keeping the database copy encrypted on disk and working on > a decrypted RAM copy? not sure if this is possible. If not, we'll > encrypt only the sensitive part of the data, which does not need to be > searchable.>> As for hiding the seed, just found it on the WebDNA Programmer Guide, > chapter 4 "encrypting template" with> > I guess an encrypted template could in turn contains [encrypt] tags.>> chris>> On Jun 28, 2004, at 19:11, Brian Fries wrote:>>> You will need to double-url the encrypted values in your APPEND, and >> single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl >> on the values being appended, so with the double-url you are left >> with a single-url'ed value written to the database, which will avoid >> dangerous characters being written out.>>>> [append db=SomeDatabase.db]name=[url][url][encrypt >> seed=abcedfg][name][/encrypt][/url][/url]&...[/append]>>>> [founditems]>> [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]...>> [/founditems]>>>> As for searching, you'd be pretty screwed. You cannot even search >> with an EQ on seed-encrypted values, as the same seed applied to the >> same value may result in a different encrypted value. If you encrypt >> without a seed, you will get a consistent encrypted value but it >> cannot be decrypted (this lets you compare encrypted passwords, for >> example, but not retrieve their original decrypted value).>>>> I don't know of any way to hide the seed from someone with access to >> the source code.>>>> - brian>>>>>>>> On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote:>>>>> Hello! is it safe to encrypt every single data loaded in a WebDNA >>> database (that may become quite large, +40 meg with time) using>>>>>> [Append db=SomeDatabase.db]name=[Encrypt >>> seed=abcdefg][name][/Encrypt]&address=[Encrypt >>> seed=abcdefg][address][/Encrypt][/Append]>>>>>> and is WebDNA still able to do some searching in the encrypted >>> database ? what would be the proper way to search?>>>>>>>>> [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt >>> seed=abcdefg][name][/Encrypt]]>>> [FoundItems]>>> [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt >>> seed=abcdefg][Address][/Decrypt]
>>> [/FoundItems]>>> [/Search]>>>>>> also, how to hide the "seed" in the templates in case the disk is >>> stolen? (requested by the customer)>>>>>> Thank you!>>> chris>>>-- Brian Fries, BrainScan Software -- http://www.brainscansoftware.com ---------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: encrypted database ( Brian Fries 2004)
Re: encrypted database ( Chris 2004)
Re: encrypted database ( Brian Fries 2004)
encrypted database ( Chris 2004)
Re: Encrypted Databases (Tom Duke 2000)
Re: Encrypted Databases (WebDNA Support 2000)
Re: Encrypted Databases (Kenneth Grome 2000)

You could load all the records into a decrypted table then search that, but you would need to load the table every time a page is loaded that needs it. WebDNA has no provision for RAM data objects that persist between page hits other than its RAM cache of open databases, which are identical to their disk counterparts (i.e. encrypted in your case). If your databases are small, or only accessed infrequently, this could be done, but with any significant traffic and data volume the performance would take a big hit.As for encrypted templates, that may work for hiding the seed. I haven't done more than a little fooling around with encrypted templates, so I don't know.- brianOn Jun 28, 2004, at 4:49 PM, Christophe Billiottet wrote:> Thank you Brian for this explaination. The idea is to keep all data > encrypted in the database, but without disallowing services like > search, and without any easy-to-find "seed" in the templates: the > customer idea is to protect his data if his server is stolen, which > already happened.> What about keeping the database copy encrypted on disk and working on > a decrypted RAM copy? not sure if this is possible. If not, we'll > encrypt only the sensitive part of the data, which does not need to be > searchable.>> As for hiding the seed, just found it on the WebDNA Programmer Guide, > chapter 4 "encrypting template" with> > I guess an encrypted template could in turn contains [encrypt] tags.>> chris>> On Jun 28, 2004, at 19:11, Brian Fries wrote:>>> You will need to double-url the encrypted values in your APPEND, and >> single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl >> on the values being appended, so with the double-url you are left >> with a single-url'ed value written to the database, which will avoid >> dangerous characters being written out.>>>> [append db=SomeDatabase.db]name=[url][url][encrypt >> seed=abcedfg][name][/encrypt][/url][/url]&...[/append]>>>> [founditems]>> [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]...>> [/founditems]>>>> As for searching, you'd be pretty screwed. You cannot even search >> with an EQ on seed-encrypted values, as the same seed applied to the >> same value may result in a different encrypted value. If you encrypt >> without a seed, you will get a consistent encrypted value but it >> cannot be decrypted (this lets you compare encrypted passwords, for >> example, but not retrieve their original decrypted value).>>>> I don't know of any way to hide the seed from someone with access to >> the source code.>>>> - brian>>>>>>>> On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote:>>>>> Hello! is it safe to encrypt every single data loaded in a WebDNA >>> database (that may become quite large, +40 meg with time) using>>>>>> [Append db=SomeDatabase.db]name=[Encrypt >>> seed=abcdefg][name][/Encrypt]&address=[Encrypt >>> seed=abcdefg][address][/Encrypt][/Append]>>>>>> and is WebDNA still able to do some searching in the encrypted >>> database ? what would be the proper way to search?>>>>>>>>> [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt >>> seed=abcdefg][name][/Encrypt]]>>> [founditems]>>> [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt >>> seed=abcdefg][Address][/Decrypt]
>>> [/FoundItems]>>> [/Search]>>>>>> also, how to hide the "seed" in the templates in case the disk is >>> stolen? (requested by the customer)>>>>>> Thank you!>>> chris>>>-- Brian Fries, BrainScan Software -- http://www.brainscansoftware.com ---------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Re: encrypted database

2004

Top Articles:

Related Readings: