ENCRYPT data
Hello,
How can I encrypt data in standalone 3.2?
Thank you
How can I encrypt data in standalone 3.2?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hey David,
Someone who is not reading your response very carefully, may come to think that
You always have to consider non-privileged, non-root access.
There is also always the question of what happens to storage media when it is replaced, and that not everyone has the privilege of running their own hosting servers.
So while encryption is not a panacea for all security woes, it surely has its place.
Someone who is not reading your response very carefully, may come to think that
Then there's zero usefulness to encrypting data.I strongly disagree.
You always have to consider non-privileged, non-root access.
There is also always the question of what happens to storage media when it is replaced, and that not everyone has the privilege of running their own hosting servers.
So while encryption is not a panacea for all security woes, it surely has its place.
@Shalom, good point.
My rules are simple.
1) Only root/wheel/admin users can access raw data, so only root can enforce/manage security.
2) Non-root can only access data through APIs or some type of constrained access, so in my case no non-privileged, non-root user ever has any blanket access... only access through some sort of highly controlled mechanism... because...
Problems occur when non-privileged, non-root users... destroy data...
My rules are simple.
1) Only root/wheel/admin users can access raw data, so only root can enforce/manage security.
2) Non-root can only access data through APIs or some type of constrained access, so in my case no non-privileged, non-root user ever has any blanket access... only access through some sort of highly controlled mechanism... because...
Problems occur when non-privileged, non-root users... destroy data...
So consider an encrypted database.
Do serve decrypted data, requires a decryption key be provided.
So... where's the key stored?
If someone has root access to a machine... and a key is laying around somewhere... as it must be to decrypt data...
Then there's zero usefulness to encrypting data.
Best investment is made in locking down security on a systems, as anytime a machine is hacked... it's all over... no amount of encryption will protect data, because the key has to live somewhere... and root can always access the key or key storage mechanism.