Recent

Author Topic: Database with table encryption needed  (Read 1583 times)

john horst

  • Jr. Member
  • **
  • Posts: 66
    • JHorst
Re: Database with table encryption needed
« Reply #15 on: May 11, 2019, 08:14:19 pm »
You could always just have data location 1 (Admin DB) & Data location 2 (Unmodified, encrypted data). It cuts both ways, you can prove the admin tampered with location 1 but had no access to location 2. Encrypt what you don't want the admin to see. If he deletes the record restore from data location 2.
« Last Edit: May 11, 2019, 08:16:02 pm by john horst »

lucamar

  • Hero Member
  • *****
  • Posts: 3440
Re: Database with table encryption needed
« Reply #16 on: May 11, 2019, 10:09:34 pm »
In case it serves you, this is from the PostgreSQL manual:

Quote from: ‪"PostgreSQL 11 Doc.: 18.8. Encryption Options"
Client-Side Encryption
If the system administrator for the server's machine cannot be trusted, it is necessary for the client to encrypt the data; this way, unencrypted data never appears on the database server. Data is encrypted on the client before being sent to the server, and database results have to be decrypted on the client before being used.

The only problem with that approach re. the German law is if the admin (or other) delete data; any other operation would make unencrypted data appear in the database, which is a dead give-away of tampering.

I don't know the German law, but most laws of that kind don't really care about whether data is tampered with or not but that, if tampered with, the fact (and, if possible, the culprit) be made obvious.
Turbo Pascal 3 CP/M - Amstrad PCW 8256 (512 KB !!!) :P
Lazarus/FPC 2.0.8/3.0.4 & 2.0.10/3.2.0 - 32/64 bits on:
(K|L|X)Ubuntu 12..18, Windows XP, 7, 10 and various DOSes.

ahiggins

  • Jr. Member
  • **
  • Posts: 92
Re: Database with table encryption needed
« Reply #17 on: June 04, 2019, 08:25:39 pm »
@thehidden  ***I might be well off target with this*** 
Have you looked at Firebird 3 it seems you can write your own plug-in, (pascal example with FB3PATH\examples\dbcrypt.pas)
and looks like it encrypts users data at a page level.

Oh
I'm struggling porting the CryptKeyHolder.cpp to pascal if anybody can help (my C++ is extremely limited)    :)

« Last Edit: June 04, 2019, 08:27:25 pm by ahiggins »

 

TinyPortal © 2005-2018