Tuesday, 16 November 2010

Securing data from DBA's and developers

We have a pretty interesting issue here. We are developing an application for managing software companies and we will be using this ourselves.
This application will be storing some sensitive data such as salaries and rates.

Now, how on earth do you protect this information from the eyes of the very people who are building and supporting the solution??

Obviously the data for these fields will have to be encrypted within the database, but where do you keep the decryption key? And how do developers support\view the app without knowing the key? The requirements for the solution are as follows:
  • The data is encrypted within the database so is not human readable
  • The key is not stored anywhere other than in memory on the server
  • The pages which read the data can happily display the data in either encrypted form, or decrypted with the wrong key. This allows devs to view\debug the page.
  • The dev can encrypt and store the data using the wrong key if they want as as writing data is not a security concern.
I am currently considering this key to be an additional password which is held in the users session and if this has not been set, then the data is not shown. If an incorrect key is used a warning is given and what will be shown will be garbage. The key is checked for validity by encrypting a known word with it and comparing this with a pre-encrypted copy which is stored in config.

Anyone have any other ideas?? It is a tricky topic...


  1. The concept is highly impressive and I do agree that there is a need to protect crucial data from the people who are actually working on that system. I would love to know more about your progress.
    sap support pack

  2. Its really nice to read the side effects that you outlined above mainly the one in which you said that the user gets fantastic visibility.It will indeed add to user experience.
    breastactives | buy sizegenetics