Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing data from the browser to the DB

from [Eoin Keary] Network Security [Permanent Link]
Subject: Re: Securing data from the browser to the DB
Date: Mon, 28 Nov 2005 12:20:54 +0000 
you should be using a recognised encryption scheme not a home made one.
then you can pass the key to the other application assuming is
supports the encryption scheme you are using. You shouldnt need to
pass "encryption code" only the key?


On 28/11/05, Yousef Syed <yousef.syed@gmail.com> wrote:

Hi guys,
I need to secure data from the browser all the way to the DB (Oracle 10g).
At the moment we're setting "No Cache" and using HTTPS; then
encrypting the data on the Webserver before transfering it across to
the DB, where it will be Encrypted again.

Now, I've been told that reports will be run on the DB by a separate
tool that will not go via the Web Server or J2EE Application Server.
Now, I don't see how we can encrypt on the Webserver if another
reporting tool will access the DB, by passing our
Encryption/Decryption code.

Given this situation, what is the best way to go about securing the
data and making it available to other systems?

Thanx,
ys


--
Yousef Syed
'One senior official said the consultancy "doesn't have the greatest
of reputations among civil servants. They come and state the bleeding
obvious using Powerpoint".'
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Simple to exploit SQL Injection ?, Rich Bergmann
Next by Date:  Re: Securing data from the browser to the DB, Yousef Syed
Previous by Thread:  Securing data from the browser to the DB, Yousef Syed
Next by Thread:  Re: Securing data from the browser to the DB, Yousef Syed
Indexes:  [Date] [Thread] [Top] [All Lists]