EJB pattern and database question
raja srinivas
Greenhorn
Posts: 20
posted 16 years ago
Hi guys,
this is not really an EJB question ...but i dont know where else to ask so please bear with me.
I am trying to build an application for the Financial sector. As security is of primary importance there, i want to store ALL the data in the Database in the encrypted format(and not just the username and passwords).
My first question is, can i do this ?? If i can, what is the datatype of the fields that i need to specify ? can i carry on with integer, var(n), String type of datatypes or will they all have to specified as Strings if they have to be stored in the Encrypted format?
My second question is related to Ejb's
I have a Stateless session Bean that i want to decrypt/encrypt all data passing to and from the database, that it sits between the other session beans and the entity beans. In this scenario this session bean acts as a bottleneck for the entire application, which might drag down the performance of the entire system. Does anyone have a more efficient solution/pattern for solving this problem ?
Thanks
Raja
this is not really an EJB question ...but i dont know where else to ask so please bear with me.
I am trying to build an application for the Financial sector. As security is of primary importance there, i want to store ALL the data in the Database in the encrypted format(and not just the username and passwords).
My first question is, can i do this ?? If i can, what is the datatype of the fields that i need to specify ? can i carry on with integer, var(n), String type of datatypes or will they all have to specified as Strings if they have to be stored in the Encrypted format?
My second question is related to Ejb's
I have a Stateless session Bean that i want to decrypt/encrypt all data passing to and from the database, that it sits between the other session beans and the entity beans. In this scenario this session bean acts as a bottleneck for the entire application, which might drag down the performance of the entire system. Does anyone have a more efficient solution/pattern for solving this problem ?
Thanks
Raja
punit pandey
Greenhorn
Posts: 6
posted 16 years ago
hello raja,
It is not a good idea to store all the data in encrypted format rathar you should use the security of your RDBMS and rely on that. Yes, you can do this but the resultant application will not perform very well.
Anyway if you even than want to encrypt your data, you should prefer "stored procedure" to encrypt/decrypt your data. I think it is the best way.
Punit Pandey
Punit Pandey
It is not a good idea to store all the data in encrypted format rathar you should use the security of your RDBMS and rely on that. Yes, you can do this but the resultant application will not perform very well.
Anyway if you even than want to encrypt your data, you should prefer "stored procedure" to encrypt/decrypt your data. I think it is the best way.
Punit Pandey
Punit Pandey
posted 16 years ago
I concur with Punit. Trust your DBMS. And lock it away from the publicly accessible systems. As far as encryption goes, why spend all that effort on the backend, where you have the best access control anyway? I wouldn't actually decrypt it until it reaches the client! If you use a mechanism like SSL and your servers are secured, you only have to worry about data theft on the client system. Otherwise, you're open to "wiretapping".
An IDE is no substitute for an Intelligent Developer.
|