Results 1 to 5 of 5

Thread: Setting encryption key in web/mobile Javascript apps

  1. #1
    Lianja MVP
    Join Date
    Feb 2012
    Location
    Berea, KY, USA
    Posts
    1,945

    Setting encryption key in web/mobile Javascript apps

    I hadn't considered this previously.

    I have a table in a database that is necessarily encrypted.

    In a VFP app, I would SET ENCRYPTION TO <the key containing in an #include file) in the INIT of the app.

    What would I do in a JavaScript (web/mobile) app?

    thanks,

    Hank

  2. #2
    Lianja Development Team barrymavin's Avatar
    Join Date
    Feb 2012
    Location
    UK, USA, Thailand
    Posts
    5,770
    Hi Hank,

    The connection between the client and the server is stateless.

    In 4.1 I made some changes to the way timelines are handled so that whenever a database and/or table is opened its timeline can be enabled by setting timeline=on in the metadata.

    e.g.

    alter database southwind metadata "timeline=on"
    alter table mytable metadata "timeline=off"
    etc

    The reason i mention this is that encryption is a similar problem.

    Popping up dialogs in the web/mobile to input encryption keys is not practical.

    I'm therefore considering handling encrypted tables through metadata.

    alter database southwind metadata "encryption=key1,key2,key3"
    alter table mytable metadata "encryption=key1,key2,key3"

    I then need to mask off these keys when databaseMetaData() or tableMetaData() is evaluated from web/mobile Apps.
    Principal developer of Lianja, Recital and other products

    Follow me on:

    Twitter: http://twitter.com/lianjaInc
    Facebook: http://www.facebook.com/LianjaInc
    LinkedIn: http://www.linkedin.com/in/barrymavin

  3. #3
    Lianja MVP
    Join Date
    Feb 2012
    Location
    Berea, KY, USA
    Posts
    1,945
    Hi Barry,

    that metadata has almost turned into an alternative command channel. That's a good thing.

    The integration should be made to work with a dynamic call to whatever Key Management System is being used (I can use Lianja to create a KMS for this purpose, at least.)

    So the question I have is how do I unencrypt a given table (or an entire database) using a dynamic call that will affect only the current session in a web/mobile app. Wouldn't the metadata setting affect all calls to that table, thus allowing whoever can get a connection to the database to view the information?

    thanks,

    Hank
    Last edited by HankFay; 2017-12-01 at 11:24.

  4. #4
    Lianja Development Team barrymavin's Avatar
    Join Date
    Feb 2012
    Location
    UK, USA, Thailand
    Posts
    5,770
    Hi Hank,

    But they need to authenticate in the first place.

    I like the idea of using a KMS that certain tables or databases would need to authenticate with. That’s just password related security.

    Once you have encrypted a table you can only unencryt it with the same key.

    I suppose the KMS once authenticated using username/password/database/table it could return an encryption key.

    The only thing to be considered is that tables are opened and closed repeatedly so how this is accomplished on a stateless web connection needs to be properly thought out.
    Principal developer of Lianja, Recital and other products

    Follow me on:

    Twitter: http://twitter.com/lianjaInc
    Facebook: http://www.facebook.com/LianjaInc
    LinkedIn: http://www.linkedin.com/in/barrymavin

  5. #5
    Lianja MVP
    Join Date
    Feb 2012
    Location
    Berea, KY, USA
    Posts
    1,945
    Hi Barry,

    Yes, in stateless it gets tricky.

    Even tricker: a common security requirement is that the encryption password must change on a regular basis (it seems as though a month is acceptable). This would entail resetting the encryption on the Lianja tables, so that's a management job the developer would have to work out. Anyway, that's why the key can't be supplied statically even within a given app (I'm thinking apps that are busy 24/7).

    If the ODBC driver specified the decryption key as a key/value pair in the "other" section, and that value specification could be a dynamic call to the KMS, then the issue of stateless could be handled. That all calls, even to the local db, go through ODBC is a reasonable requirement. When the LCS is used in a security-aware environment, the LCS would/should be in a DMZ with very narrow privileges, with the connection to the SQL Server/s (of whatever variety) being the only internal connection/s allowed. Keeping the data on the same server connected to the internet is a definite security no-no.

    As I know you are aware, the bad guys aren't going way, and in fact are always raising their game, so there's going to be more of this rather than less.

    thanks,

    Hank

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Journey into the Cloud
Join us