Mitchell Peek wrote:
I proposed this question as a reply to an old thread, throught it might have been lost due to the age of the thread, so decided to re-intorduce it in its own. Sorry for the redundancy...
someone suggested:
You may need to store things like credit card numbers or passwords in the database. DBAs have full access to the database, and may need it, but you don't want them to know this information. If you need to get the information back out, then use encryption (blowfish etc) and store the encrypted data only.
Any suggestions on the best means of implementing encryption (any, not necessarily blowfish) of this sort? UDF? trigger? etc? How does one go about implementing such a thing and making this workable?
Well, there were several interesting answers. First one was from Paul Hope:
We use data encryption for the wages tables. We have encrypt and decrypt functions in Delphi and use these in GetText and SetText for data aware controls.
Also, during development only, we have a decrypt udf so that decrypted views of the tables can be created for testing and debugging the system. The encryption creates varchar data which only includes printable characters.
Ann W. Harrison's take was from different angle:
If there were an easy answer to that question, Firebird would do encryption itself. The hard problem is key management. No doubt the public/private key pair algorithms are a solution - though I haven't seen exactly how it would work. A second problem is the level of encryption you choose - the really solid ones are very slow - at least for database applications. A third problem is indexing - if the encrypted data doesn't sort the same way as non-encrypted data (and it won't), range retrievals won't work.