close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

compare columns matching decrypted values in different tables with different encryption types

Thread began 10/31/2014 12:08 pm by Jason | Last modified 11/03/2014 1:27 pm by Jason Byrnes | 776 views | 7 replies |

Jason

compare columns matching decrypted values in different tables with different encryption types

example:
table 1 = person
column = person_id (encrypted with rijndael)
column = name

table 2 = address
column = address_person_id (encrypted with hash)
column = address_line_1

I want to search for a name in table 1 in the results page would show the persons name and address from table 2. The encrypted database values would be different, but the decrypted values would be the same. How can I do this?

Sign in to reply to this post

Jason ByrnesWebAssist

you shouldn't be encrypting the ID column


I can understand encrypting the name or password, but there is nothing to be gained in encrusting the ID column.

the ID column should be a numeric value, and let the database auto increment in the person table to force a unique value.

the ID column is used to look up the users information, the information can be encrypted, but the id column itself should not.

Sign in to reply to this post

Jason

The goal in encrypting the id column was to make it more difficult to associate a persons name to their contact information. Hopefully making id theft less likely in case the database information were accessed by an unathorized individual. I thought encrypting the id columns would lead to faster load times because there would be fewer columns with less data being encrypted and decrypted. Is this not possible, or just not a good idea?

Sign in to reply to this post

Jason ByrnesWebAssist

another person knowing the ID of the record in the database is not what you should be worried about, the only way this does anybody any good is if they have access to the database directly.

and in that case, you're best hope is to have the sensitive data in each of the columns encrypted.

It will not speed up the database either, if anything it will slow it down since the values will be in text. text values take up more space in the database than numbers do, thereby slowing down any indexing.

this is an ineffectual strategy for protecting data in the database.

Sign in to reply to this post

Jason

Ok, thanks Jason. It made sense to me logically, but I didn't have a full understanding of how the process would work. Thanks for your advice, and good luck working out all the bugs in the latest updates!

Sign in to reply to this post

Jason ByrnesWebAssist

you're welcome.

Sign in to reply to this post

Jason

If I do like you suggested and encrypt the data columns rather than the id columns, will I be able to edit my search forms to search those columns? For example if the LastName column were encrypted with RIJNDAEL is it possible to create a search form that will search the last name column? If so, how much is that going to slow things down (I'm assuming it's going to have to decrypt every row in that column)?

Sign in to reply to this post

Jason ByrnesWebAssist

With RIJNDAEL encryption, this is problematic because like you say you have decrypt in the database to be able to search, you may want to see this thread at stack overflow.
http://dba.stackexchange.com/questions/23908/how-to-search-a-mysql-database-with-encrypted-fields

to be honest, i think it is a little over board to encrypt columns like first or last name.

I can see encrypting the street address, that is a lot more personal than the first and last name.

when it comes to encryption, it shouldn't be applied as a blanket for the entire disabuse, but used sparingly on data that is truly private, and you need to weigh tradeoffs like the ability to search,

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...