cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ramachandran Rajashri" <>
Subject RE: Encrypted Fields
Date Fri, 06 Feb 2009 14:46:10 GMT
Hi Michael,
I would be very interested in reading you paper. How do I get access to


-----Original Message-----
From: Michael Gentry [] 
Sent: Friday, February 06, 2009 9:36 AM
Subject: Re: Encrypted Fields

Joe, something I've explored doing (wrote a little paper on it, but
implemented it) was to have a pair of values for sensitive fields.  One
the encrypted value (socialSecurityNumber) and the other is a version
(socialSecurityNumberVersion).  The version field maps to different keys
used to encrypt the main field.  This allows for the keys to be changed
to an employee leaving or perhaps you have a 3 month mandate for key
changes) while still allowing you to read the old values.  The key file
should be kept on the disk and protected by Unix file permissions so
can't read it easily.
I'm not sure if I made sense, but I've you'd like, I can dig up my
paper to send you (it might be more helpful).  Just tell me the formats
can read (right now it is a Google Doc).


On Thu, Feb 5, 2009 at 11:01 PM, Joe Baldwin

> These are all good points.  I can do it either way as far as the
> rules go. I was just looking for some suggestions as to best
>  The downside to using the database-managed encryption, is that it
makes the
> Cayenne code pretty messy (unless of course that I have missed some
> Utility/Convenience method that deals with applying MySQL functions to
> fetched data).
> I can brute-force this, as I mentioned earlier, by making the
> via Cayenne select queries and the #result directives pattern.  My
> implementation turned out to be kind of messy and so I was thinking
> has to be a better way.

This message may contain information that is confidential or privileged.  
If you are not the intended recipient, please advise the sender immediately
and delete this message.

View raw message