安全的应用程序的体系结构,在数据库加密数据 [英] Architecture of a secure application that encrypts data in the database
问题描述
我需要设计保护一些数据对根的攻击数据库的应用程序。这意味着,即使攻击者会控制存储数据或机器与应用服务器的机器,他无法从数据库中读取一些业务关键数据。这是客户的要求。
我要去的数据与一些不对称加密算法,我需要一些好的想法,在哪里存储私钥,这样的数据是安全的,以及应用可用性还是挺舒服的?我们可以假设,为简单起见,只有一个密钥对用于
I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.
推荐答案
我不知道有关数据库的选项,但它是值得看看<一个href=\"http://www.oracle.com/technology/deploy/security/database-security/advanced-security/index.html\"相对=nofollow> Oracle高级安全(OAS)。但是,关键是不能存储在数据库内,但在甲骨文的钱包(OS管理),据我所看到的,这个妥协是很难。
I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.
美洲国家组织支持在表空间级和列级加密。所有这些,它声称没有开销执行。
OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.
这篇关于安全的应用程序的体系结构,在数据库加密数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
