stackoom
  简体   繁体   中英

Viewing encrypted database data

 原文  2011-07-12 13:45:41       java/ sql-server/ sql-server-2008/ encryption

Question

I'm using SQL Server 2008 to store some encrypted information. There are about 5 database tables that have fields with encrypted data. The encryption is done at the server side using Java. My problem is that we also need to view/update this encrypted information. To view/update the encrypted information from database I'm creating a web application that will allow a user to view/update the encrypted information residing in database.

For example lets say a user needs to insert new data into database that contains an encrypted field:

  1. The user will be able to enter an INSERT SQL query in the web application and have the App Server parse the query.

  2. If I find a field that needs to be encrypted then I have to extract that clear text value, encrypt it using Java and then modify the query with the encrypted value.

  3. Execute the modified INSERT query against the database.

Now it will be a pain to parse SQL queries and having to modify them. I'm just wondering if there is an easier way to do this. Has anyone done this before? Are there any tools to facilitate this?

Thing is the database will be installed on client sites, therefore we have to encrypt database fields in order to protect intellectual property. Client has full access to their database, so using SQL Server built in encryption is not a good idea.

Any suggestions appreciated.

1 answers

solution1
 2 ACCPTED  2011-07-12 14:31:10

I would advise against using direct sql statement inputs from web app, here is why

  1. No data validation (No data type help on column for the user)
  2. User error's in input sql typo's (can only be validated on jdbc execute)
  3. Not to mention, It is not the most secure way of doing

If you go the form route you need an add/edit form for the table with all the columns listed as form inputs. You can solve all the above problems and also may be add check box beside each column and making the encryption of the column more configurable.

If you still have reasons for straight sql, I guess you can look at this thread below, If I were you I would parse query my self

SQL parser library for Java

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Trying to store encrypted AES data into mySQL database using Java encrypted database password MongoDb Timezone in saving and viewing data Android: viewing tabular data Viewing data on browser Viewing Items in a ListView from Database Encrypted Data with DES - JAVA Encrypted Data in MySql Saving and Viewing/Editing data in Android HSQLDB reset password for encrypted database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM