EJB pattern and database question

 
Greenhorn
Posts: 20
Hi guys,
this is not really an EJB question ... but I don't know where else to ask, so please bear with me.
I am trying to build an application for the financial sector. As security is of primary importance there, I want to store ALL the data in the database in encrypted format (and not just the usernames and passwords).
My first question is, can I do this? If I can, what is the datatype of the fields that I need to specify? Can I carry on with integer, var(n), String type of datatypes, or will they all have to be specified as Strings if they have to be stored in the encrypted format?
My second question is related to EJBs.
I have a stateless session bean that I want to decrypt/encrypt all data passing to and from the database, so that it sits between the other session beans and the entity beans. In this scenario this session bean acts as a bottleneck for the entire application, which might drag down the performance of the entire system. Does anyone have a more efficient solution/pattern for solving this problem?
Thanks
Raja
 
Greenhorn
Posts: 6
Hello Raja,
It is not a good idea to store all the data in encrypted format; rather, you should use the security of your RDBMS and rely on that. Yes, you can do this, but the resultant application will not perform very well.
Anyway, if you even then want to encrypt your data, you should prefer a "stored procedure" to encrypt/decrypt your data. I think it is the best way.
Punit Pandey
 
Saloon Keeper
Posts: 28758
I concur with Punit. Trust your DBMS. And lock it away from the publicly accessible systems. As far as encryption goes, why spend all that effort on the backend, where you have the best access control anyway? I wouldn't actually decrypt it until it reaches the client! If you use a mechanism like SSL and your servers are secured, you only have to worry about data theft on the client system. Otherwise, you're open to "wiretapping".
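
On the datatype question in the first post, an added example (not code from any poster in this thread): with application-side AES-GCM encryption, every field is stored as opaque bytes whatever its original type, so the column has to be a binary type, or a character type holding Base64. The class name, the sample values and the in-memory key are assumptions made for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class FieldCrypto { // hypothetical class name
    private static final int IV_LEN = 12;    // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128; // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Returns IV || ciphertext || tag; this byte[] is what goes into the column.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                   // fresh IV for every stored value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the stored value was modified.
    static byte[] decrypt(SecretKey key, byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, stored, 0, IV_LEN));
        return c.doFinal(stored, IV_LEN, stored.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();    // demo only: real keys live outside the database
        // Constructed sample values: one text field and one integer field.
        byte[] name = "ACME Holdings".getBytes(StandardCharsets.UTF_8);
        byte[] balance = ByteBuffer.allocate(4).putInt(125000).array();
        byte[] nameCol = encrypt(key, name);
        byte[] balanceCol = encrypt(key, balance);
        // Each stored value is plaintext length + 12 (IV) + 16 (tag) bytes.
        System.out.println("name column bytes:    " + nameCol.length);
        System.out.println("balance column bytes: " + balanceCol.length);
        // If only character columns are available, store Base64 text instead.
        System.out.println("balance as text: " + Base64.getEncoder().encodeToString(balanceCol));
        System.out.println(ByteBuffer.wrap(decrypt(key, balanceCol)).getInt());
        System.out.println(new String(decrypt(key, nameCol), StandardCharsets.UTF_8));
    }
}
```

Because a fresh IV is used for each value, the same plaintext encrypts to different bytes every time, so an encrypted column cannot be indexed, sorted or compared in SQL.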