对数据库中的数据进行加密的安全应用程序的架构 [英] Architecture of a secure application that encrypts data in the database

问题描述

我需要设计一个应用程序来保护数据库中的某些数据免受根攻击.这意味着，即使攻击者控制了存储数据的机器或应用服务器的机器，他也无法从数据库中读取一些关键业务数据.这是客户的要求.我将使用一些非对称算法加密数据，我需要一些好主意，在哪里存储私钥，以便数据安全以及应用程序可用性非常舒适?为简单起见，我们可以假设只使用一对密钥.

I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

推荐答案

我不确定数据库选项，但值得一看 Oracle 高级安全性(OAS).但是，密钥并不存储在数据库中，而是存储在 Oracle 钱包(操作系统管理)中，据我所知，很难妥协.

I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.

OAS 支持表空间级别和列级别的加密.所有这些，它都声称没有任何开销.

OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.

这篇关于对数据库中的数据进行加密的安全应用程序的架构的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！