Securing numeric types

markbrown4 · March 21, 2010, 11:40pm

Text fields can be encrypted, but what’s best practice in securing numeric types if you want to be able to use functions like average etc… ?

Thanks

Dan_Grossman · March 21, 2010, 11:52pm

AVG(AES_DECRYPT(column, ‘key’)) ?

Do you really need to encrypt the individual values in a database?

I have never heard of someone encrypting the values of every column in a table.

markbrown4 · March 22, 2010, 10:50pm

Interesting, I imagine it would have a huge performance problem as it would need to decrypt all the data before running the average but that’s understandable.

Do you really need to encrypt the individual values in a database?
I have never heard of someone encrypting the values of every column in a table.

Not every column, certain data that is considered too sensitive - passwords, and certain numeric fields like scores that are very valuable to the client.
There’s two main reasons:
So that developers internally don’t have access to the clients sensitive data.
If security is breached and someone has access to the data they can’t make sense of it.

Thanks,

Dan_Grossman · March 22, 2010, 10:53pm

Maybe you could just encrypt the user identifier and password, so that someone looking at the database (internally or a hacker) has no idea who the numbers go with.

markbrown4 · March 23, 2010, 10:23pm

You would probably need to encrypt about 50 times the information if you try and hide who the data belongs to.
I’m assuming it’s easiest to only encrypt the sensitive data.