Hi there, I know it is easy to encrypt password fields, but I have a client with sensitive data. Is it possible to encrypt the whole DB? Will this cause performance issues? Thanks
What database are you using? With some databases it is possible to encrypt the entire database on disk. There are a few options, depending on the database that you are using. If you are using MySQL or a database that doesn't support encrypted tables, you would need to use an encrypted file system and then individually encrypt/decrypt data as it is inserted into and selected from the database. MSSQL and the more advanced databases support table and full database encryption, which can greatly reduce the overhead that is caused by encrypting on the fly. In any case, key management is the biggest concern, as you must use a key to decrypt data. The security of the data is only as secure as how the key is managed. Since passwords are normally stored using an irreversible hash, key management isn't important for them. Also, encryption always affects performance. How much really depends on how your encryption works, how large the data is, and your usage.
Hi, thanks for the reply. I am using MySQL, and I think it supports encryption, as all password fields are encrypted.
For MySQL you will want to use the built-in functions AES_ENCRYPT and AES_DECRYPT for strong reversible encryption. The PASSWORD function again creates a hash, which is not reversible. http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html For reversible encryption use the AES functions. AES is a strong, government-approved encryption method. Make sure you use a strong key as well, something like: m48yK2i3V&K!LwHI If you need the entire server encrypted as well, make sure to use an encrypted file system. Both Windows and Linux support types of EFS.
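To make the two answers above concrete, here is an added example of column-level encryption with MySQL's AES_ENCRYPT/AES_DECRYPT; it is not code from either poster. The table name `client_records`, its columns and the secret value are hypothetical. It assumes MySQL 5.6.17 or later, which added `block_encryption_mode`, `RANDOM_BYTES()` and the three-argument form of AES_ENCRYPT(); the 5.1 manual linked above only offers the two-argument (AES-128-ECB) form.

```sql
-- Added example (not from the thread): column-level encryption in MySQL.
-- Table, column names and the secret are hypothetical placeholders.
-- Requires MySQL 5.6.17+ for block_encryption_mode, RANDOM_BYTES() and
-- AES_ENCRYPT(str, key, iv); older servers only have AES-128-ECB.

-- Use CBC with a per-row random IV instead of the default ECB mode, so two
-- rows holding the same plaintext do not produce the same ciphertext.
SET block_encryption_mode = 'aes-256-cbc';

-- The key lives in the application's session, never in a table. The secret it
-- is derived from should come from config, a KMS or an HSM, not from the
-- statement text as shown here for illustration.
SET @enc_key = UNHEX(SHA2('REPLACE-WITH-APPLICATION-SECRET', 256));

CREATE TABLE client_records (
  id        INT AUTO_INCREMENT PRIMARY KEY,
  client_id INT NOT NULL,
  iv        VARBINARY(16) NOT NULL,   -- per-row IV; safe to store in the clear
  ssn_enc   VARBINARY(64) NOT NULL    -- ciphertext; padding adds up to 16 bytes
);

-- Encrypt on insert: generate a fresh IV and store it beside the ciphertext.
SET @iv = RANDOM_BYTES(16);
INSERT INTO client_records (client_id, iv, ssn_enc)
VALUES (42, @iv, AES_ENCRYPT('123-45-6789', @enc_key, @iv));

-- Decrypt on select, only for the rows the application actually needs.
SELECT client_id,
       CAST(AES_DECRYPT(ssn_enc, @enc_key, iv) AS CHAR) AS ssn
FROM client_records
WHERE client_id = 42;

-- A wrong key or IV normally yields NULL (bad padding) rather than an error,
-- so NULL from this column signals a key-management problem, not empty data.
SELECT AES_DECRYPT(ssn_enc, UNHEX(SHA2('wrong-secret', 256)), iv) IS NULL
       AS decrypt_failed
FROM client_records
WHERE client_id = 42;
```

Two practical consequences follow for the performance and usage questions raised in the thread. First, with a random IV per row you cannot search the encrypted column for equality (`WHERE ssn_enc = AES_ENCRYPT(...)`) or index it; ECB mode would allow that, but only because identical plaintexts then produce identical ciphertexts, which is exactly what leaks. Second, literals passed to AES_ENCRYPT, including the secret, are written to the general query log and the binary log as part of the statement, so in production pass the key and plaintext as prepared-statement parameters from the application rather than as inline literals.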