
How can I hide the foreign key relationship of a database table or create anonymous entries?

Is it possible to store associated data in a database without explicitly revealing its relationship or owner? This page talks about using a hash of user info combined with a password to identify a user that a transaction belongs to. A few searches have revealed nothing in terms of implementation details for this security feature.

Say that I have users which have private data tied to their account, how can I make it so that someone with access to a dump of the database cannot tell which data belongs to which user?

It's not a security feature, it's a design pattern (or, arguably, anti-pattern). The page you linked describes how they implemented it: sensitive information is stored with an identifier that cannot be traced back to any given user without cross-referencing information external to the database. In their example, it's the password, which when combined with other account information and hashed generates a consistent id for that user's transactions. In order to correctly associate a user with their transactions, you need the original password to rebuild the hash. No password = no association.

So that does the job; it sacrifices referential integrity, which is why I'd call it an anti-pattern, but then that's the whole idea. The bigger problem is that it's likely at the most sensitive possible point, since the hash must be updated for all of a user's transactions whenever the information used to generate it changes. The lack of a foreign key constraint also allows bogus transactions without any user. It would be somewhat safer, structurally speaking, to have an anonymized table of transaction owners with a proper foreign key relationship to the transaction table and a hash as described linking the owner entity to the actual user. This way, the sensitive relationship is one-to-one instead of one-to-many and the impact of an integrity failure is restricted.

Both of these approaches, of course, are vulnerable to simple patience and analysis -- if someone has a database dump and is sufficiently motivated, the transactions themselves can be enough to get an idea of who made them as long as they're tied to a consistent user-hash or owner. One pizza delivery charge could be anything; several put you within a few miles of someone's house. The more information you can correlate with an anonymous record, the less anonymous it really is.
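The owner-table variant described in the answer, as an added example (this is not code from the question or the answer): SQLite via Python's standard library, one anonymised `owners` row per user, a real foreign key from `transactions` to `owners`, and the owner token derived from username plus password with PBKDF2-HMAC-SHA256. The KDF and its iteration count are my choices (the answer only says "hashed"); the table and function names are assumptions, and login authentication is left out entirely, so the database never stores anything the token could be rebuilt from.

```python
"""Anonymised owner table linked to a user only via a password-derived token.

Added example, not from the original question or answer. Assumes SQLite (stdlib)
and PBKDF2-HMAC-SHA256 as the token KDF; names below are illustrative.
"""
import hashlib
import sqlite3

KDF_ITERATIONS = 100_000  # assumption: raise to what your hardware tolerates

# No column in owners or transactions references users: the only link is the
# token, and only someone holding the password can recompute it.
SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL
);
CREATE TABLE owners (
    id    INTEGER PRIMARY KEY,
    token BLOB UNIQUE NOT NULL
);
CREATE TABLE transactions (
    id           INTEGER PRIMARY KEY,
    owner_id     INTEGER NOT NULL REFERENCES owners(id),
    merchant     TEXT NOT NULL,
    amount_cents INTEGER NOT NULL
);
"""


def derive_owner_token(username: str, password: str) -> bytes:
    # Username plays the "other account information" role; the password is the
    # secret that never reaches the database.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), KDF_ITERATIONS)


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    conn.executescript(SCHEMA)
    return conn


def create_user(conn: sqlite3.Connection, username: str, password: str) -> None:
    with conn:
        conn.execute("INSERT INTO users(username) VALUES (?)", (username,))
        conn.execute("INSERT INTO owners(token) VALUES (?)", (derive_owner_token(username, password),))


def _owner_id(conn: sqlite3.Connection, username: str, password: str) -> int:
    row = conn.execute("SELECT id FROM owners WHERE token = ?",
                       (derive_owner_token(username, password),)).fetchone()
    if row is None:
        raise PermissionError("cannot rebuild owner token: wrong password or unknown user")
    return row[0]


def can_open(conn: sqlite3.Connection, username: str, password: str) -> bool:
    try:
        _owner_id(conn, username, password)
        return True
    except PermissionError:
        return False


def record_transaction(conn, username, password, merchant, amount_cents) -> None:
    owner_id = _owner_id(conn, username, password)
    with conn:
        conn.execute("INSERT INTO transactions(owner_id, merchant, amount_cents) VALUES (?, ?, ?)",
                     (owner_id, merchant, amount_cents))


def transactions_for(conn, username, password) -> list:
    owner_id = _owner_id(conn, username, password)
    return conn.execute("SELECT merchant, amount_cents FROM transactions WHERE owner_id = ? ORDER BY id",
                        (owner_id,)).fetchall()


def change_password(conn, username, old_password, new_password) -> None:
    # One-to-one link: only the single owners row is rewritten, in one SQL
    # transaction, so a crash cannot leave part of the history orphaned.
    owner_id = _owner_id(conn, username, old_password)
    with conn:
        conn.execute("UPDATE owners SET token = ? WHERE id = ?",
                     (derive_owner_token(username, new_password), owner_id))


def bogus_transaction_rejected(conn: sqlite3.Connection) -> bool:
    # The constraint a bare "hash column on transactions" design lacks.
    try:
        with conn:
            conn.execute("INSERT INTO transactions(owner_id, merchant, amount_cents) VALUES (999999, 'x', 1)")
    except sqlite3.IntegrityError:
        return True
    return False


def attacker_view(conn: sqlite3.Connection) -> str:
    # What a database dump of the sensitive tables exposes: no usernames.
    owners = conn.execute("SELECT id, hex(token) FROM owners").fetchall()
    txns = conn.execute("SELECT owner_id, merchant, amount_cents FROM transactions").fetchall()
    return repr(owners) + repr(txns)


if __name__ == "__main__":
    db = open_db()
    create_user(db, "alice", "correct horse")          # constructed sample user
    record_transaction(db, "alice", "correct horse", "Pizza Place", 1899)
    print(transactions_for(db, "alice", "correct horse"))
    print(attacker_view(db))
```

Note that the dump still shows which transactions share an `owner_id`, which is exactly the correlation weakness the answer closes with: the token hides the name, not the pattern.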

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM