cayenne-user mailing list archives

From Joe Baldwin <jfbald...@earthlink.net>
Subject Re: Encrypted Fields
Date Sat, 07 Feb 2009 20:39:36 GMT
I agree.  It is hardly worth the effort of storing a credit card  
number for a customer if you can't run a transaction for the customer.

Also, I think Michael and Chad convinced me to do Java-domain  
encryption.  I think Chad said they had included the algorithms in  
Java 6.  However, I am now caught up in another sysadmin problem with  
OSX and Java 6.  (I can't get Java 6 to run yet).  Still working on it.

Joe




On Feb 7, 2009, at 2:15 PM, Andrus Adamchik wrote:

> One-way hashing works great for passwords (and is in fact THE way to  
> store passwords in the DB). It doesn't work for anything else, as  
> usually you do want to have access to the data you've encrypted.
>
> Andrus
>
> On Feb 7, 2009, at 8:50 PM, Dov Rosenberg wrote:
>
>> One of our customers who is big into security had a pretty good idea. Their
>> concern was that if the sensitive data could be decrypted it was vulnerable
>> and considered a security risk. They proposed using a one way encryption
>> algorithm and then only comparing the hash values of the sensitive data -
>> not the actual data itself. I am not certain which algorithm they were
>> talking about.
>>
>> Dov Rosenberg
>>
>>
>> On 2/7/09 12:08 PM, "Michael Gentry" <mgentry@masslight.net> wrote:
>>
>>> Here it is:
>>>
>>> http://people.apache.org/~mgentry/Security_Manifesto.pdf
>>>
>>> Joe had a few questions off-the-list (about how to do a query on an
>>> encrypted value) and I'll try to update it soon, but that's the
>>> current version I have.
>>>
>>> Comments appreciated, as always.
>>>
>>> mrg
>>
>>
>
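
The trade-off discussed in this thread, as an added example that is not code from any of the posters or from Cayenne: a field is encrypted reversibly in the Java domain so it can be read back, and a separate keyed one-way hash is kept beside it for equality comparison. It assumes Java 8 or later; the class name, method names, in-process key generation and the card number are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class FieldProtection {
    // Reversible: AES-GCM with a fresh 12-byte IV stored in front of the ciphertext.
    static String encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(SecretKey key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    // One-way and deterministic: keyed hash kept in a second column for equality lookups.
    // Keyed (HMAC) rather than a bare digest because card numbers are a small search space.
    static String lookupHash(SecretKey macKey, String plain) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        return Base64.getEncoder().encodeToString(mac.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        SecretKey encKey = aes.generateKey(); // assumption: real keys come from a key store
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        String card = "4111111111111111";     // constructed test value
        String a = encrypt(encKey, card), b = encrypt(encKey, card);
        System.out.println("ciphertexts equal:   " + a.equals(b)); // random IV per call
        System.out.println("lookup hashes equal: " + lookupHash(macKey, card).equals(lookupHash(macKey, card)));
        System.out.println("round trip ok:       " + card.equals(decrypt(encKey, a)));
    }
}
```

Because each encryption uses a new IV, the ciphertext column cannot be matched with an equality predicate; a query would compare against the `lookupHash` column instead, and only `decrypt` recovers the value.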

