java - encrypting mysql database used by spring mvc app -


a spring mvc app on web server interacts mysql database hosted on same server. spring mvc app needs able search database.

is there way can encrypt mysql database protect external malice, while retaining ability of spring mvc app query database? how?

i want make sure other app unable use contents of database, need app able records name, id, etc.

no, mysql not support encryption of entire database. have have pick 1 of these solutions:

encrypt columns

you don't need of data encrypted, sensitive data. can @ application level , insert blobs database. requires updating code - aka not transparent.

use encrypted partition/disk

another solution encrypt @ os level. long user permissions set correctly, no malicious processes able read data when system running, , no 1 @ able read when system offline. require remembering enter password every time start machine/unlock partition.

use database supports encryption natively

h2 1 such database. database written in pure java java applications. this, unfortunately, require data migration can painful depending on contents.

don't @ all

take @ data you're protecting , threat model. think encrypting database worth while? if application simple, personal blog, there's not protect except user's password hashes (you are hashing them, right?). if, on other hand, you're storing medical data , required have encrypted in way, first option best way go.


Comments

Popular posts from this blog

c# - Better 64-bit byte array hash -

webrtc - Which ICE candidate am I using and why? -

php - Zend Framework / Skeleton-Application / Composer install issue -