|
Posted by Colin McKinnon on 10/08/06 21:54
OFM wrote:
> I am running an oracle database with the application written in PHP.
>
> I would like to be able to have the option to encrypt data residing in
> certain columns in certain tables i.e. encrypt the SSNO column but not
> the Fname column. I would like to keep it in its encrypted form in the
> database but I would like to be able to show it to certain privileged
> people based on a password.
>
> Can public key encryption be incorporated here in the php application
> such that if I can encrypt the data based on a key that in it self can
> be encrypted in a way that you can revoke certain passwords if the
> employee leaves - much that same way you have revocation lists
> management in PGP.
>
> Are there any suggestions on how to go about incorporating FLEXIBLE
> encryption of data with PHP and Oracle?
You need a lot of help with this - I think you need to re-examine your
problems here. Do you really not trust the PHP code? If not how are you
going to securely supply decryption tokens to your running code? Where will
the users private keys reside? Do you really want public key encryption or
are you looking for shared keys? Can you afford the performance overhead of
per-attribute public key encryption?
If you are working some where that actually needs Oracle and this kind of
security, then really the people you work for should be able to rent a
consultant for a few days to work on this. But by the sound of things
you've not even got clear objectives of what you are trying to achieve.
C.
Navigation:
[Reply to this message]
|