用于加密数据库中数据的安全应用程序的体系结构 [英] Architecture of a secure application that encrypts data in the database
问题描述
我需要设计一个应用程序,以保护数据库中的一些数据库免受根攻击。这意味着,即使攻击者控制存储数据的机器或具有应用程序服务器的机器,他也无法从数据库读取某些业务关键数据。这是客户的要求。
我要用一些不对称算法加密数据,我需要一些好的想法,在哪里存储私钥,以便数据是安全的,以及应用程序的可用性是很舒服吗?我们可以假设,为了简单,只使用一个密钥对。
I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.
推荐答案
我不知道数据库选项,请务必查看 Oracle高级安全性(OAS)。但是,关键是不是存储在数据库内,而是在Oracle钱包(操作系统管理)中,就我所见,妥协这是很难的。
I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.
OAS支持加密表空间级别和列级别。所有这些,它声称是执行没有开销。
OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.
这篇关于用于加密数据库中数据的安全应用程序的体系结构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
