So many options to choose from - data security

Posted by ctoman on 08-Aug-2016 08:57

What data encryption is best for our company needs, TDE, SSL/TLS, or ABL?  Just some random thoughts!

OE 11.4

OS HP-UX

Thanks in Advance!

All Replies

Posted by Rob Fitzpatrick on 08-Aug-2016 09:02

Don't start with technologies.  Start with your business/regulatory requirements.

Posted by Frank Meulblok on 08-Aug-2016 10:50

Different protocols work at different levels of the application, and they are not mutually exclusive.

To clarify what works where:

TDE = Transparent Database Encryption. Simplified: Once configured, all database files persisted on disk will be encrypted automatically. This keeps your "at rest" data secure.

SSL/TLS = Secure Socket Layer / Transport Layer Security. Simplified: Encrypts data as it goes over a network.

* Note: If you need this, at least get the public hotfix for 11.4 that provides the TLS 1.0 support.

ABL encryption functions can handle a number of protocols & cyphers, but you'll need to write the code for that.

Posted by Keith Sudbury on 08-Aug-2016 11:22

Most likely a mixture of all three, depending on what industry you are in and what kind of data you store. Like Frank said, they all solve different compliance or security issues.

These days ABL encryption is "usually" for storing passwords or other specialized needs like integration with other systems. TDE is hard to beat for database encryption at rest. It does come with a price tag but compared to the alternative of rewriting your app, testing the app and giving up some core features (easy indexing for one) it is quite the bargain.

Posted by gus bjorklund on 09-Aug-2016 05:54

TDE is for protecting data at rest, i.e. data that is on-disk in the database and its associated files and backups.

SSL is for protecting data in transit, i.e. data that is transmitted to client from database and from client to database over an unsecured network.

ABL encryption functionality is for protecting small amounts of data when you are willing to do all the work and key management yourself.

Posted by bronco on 09-Aug-2016 12:41

[quote user="Keith Sudbury"]These days ABL encryption is "usually" for storing passwords [/quote]

That would not be a good idea; passwords should be hashed, not encrypted. The latter is reversible and therefore it is somehow possible to get the actual password. Hashing, on the other hand, preferably with a per-user variable salt, makes a unique code which is not reversible to the original password.

Posted by bronco on 09-Aug-2016 12:45

I realize it's a bit off-topic, but here is a good start on storing passwords: arr.gr/.../

This thread is closed