EJB pattern and database question

 
raja srinivas
Greenhorn
Posts: 20
Hi guys,
This is not really an EJB question... but I don't know where else to ask, so please bear with me.
I am trying to build an application for the financial sector. As security is of primary importance there, I want to store ALL the data in the database in encrypted format (and not just the username and passwords).
My first question is, can I do this? If I can, what is the datatype of the fields that I need to specify? Can I carry on with integer, var(n), String types of datatypes, or will they all have to be specified as Strings if they have to be stored in the encrypted format?
My second question is related to EJBs.
I have a stateless session bean that I want to decrypt/encrypt all data passing to and from the database, so that it sits between the other session beans and the entity beans. In this scenario this session bean acts as a bottleneck for the entire application, which might drag down the performance of the entire system. Does anyone have a more efficient solution/pattern for solving this problem?
Thanks
Raja
 
punit pandey
Greenhorn
Posts: 6
Hello Raja,
It is not a good idea to store all the data in encrypted format; rather, you should use the security of your RDBMS and rely on that. Yes, you can do this, but the resultant application will not perform very well.
Anyway, if you even then want to encrypt your data, you should prefer a "stored procedure" to encrypt/decrypt your data. I think it is the best way.
Punit Pandey
 
Tim Holloway
Bartender
Posts: 18709
I concur with Punit. Trust your DBMS. And lock it away from the publicly accessible systems. As far as encryption goes, why spend all that effort on the backend, where you have the best access control anyway? I wouldn't actually decrypt it until it reaches the client! If you use a mechanism like SSL and your servers are secured, you only have to worry about data theft on the client system. Otherwise, you're open to "wiretapping".
 