This application will be storing some sensitive data such as salaries and rates.
Now, how on earth do you protect this information from the eyes of the very people who are building and supporting the solution??
Obviously the data for these fields will have to be encrypted within the database, but where do you keep the decryption key? And how do developers support\view the app without knowing the key? The requirements for the solution are as follows:
- The data is encrypted within the database so is not human readable
- The key is not stored anywhere other than in memory on the server
- The pages which read the data can happily display the data in either encrypted form, or decrypted with the wrong key. This allows devs to view\debug the page.
- The dev can encrypt and store the data using the wrong key if they want as as writing data is not a security concern.
I am currently considering this key to be an additional password which is held in the users session and if this has not been set, then the data is not shown. If an incorrect key is used a warning is given and what will be shown will be garbage. The key is checked for validity by encrypting a known word with it and comparing this with a pre-encrypted copy which is stored in config.
Anyone have any other ideas?? It is a tricky topic...