Posted to ojb-user@db.apache.org by Conall O'Raghallaigh <co...@medicineman.com> on 2003/06/10 19:56:46 UTC

encryption

Hi,

I'm using OJB with Oracle and have a requirement to encrypt certain columns
in the database. I was thinking of doing the encryption/decryption work in a
FieldConversion object. Does anyone have any experience/suggestions on this?
Do you think it's a good idea to do this in the FieldConversion, or should
it be kept completely out of the data access layer?

Thanks for your help,

Conall



Re: encryption

Posted by Brian McCallister <mc...@forthillcompany.com>.
On Tuesday, June 10, 2003, at 02:21 PM, David C. Hicks wrote:
>
> I found when doing some encryption work earlier this year that 
> Oracle's RAW column type was the right choice in order to store the 
> data after encryption.  You also have to make sure that you provide 
> enough space for any padding bytes that your encryption algorithm may 
> add to the data.
>

I have base64 encoded encrypted data and plugged it into a TEXT for 
storage before, works nicely, and is friendly to deal with if you need 
to access it manually later. I haven't played with Oracle doing this, 
but we do it right now in Postgres and I cannot imagine it would be 
terribly different.

Doing it in a Field Conversion makes sense to me as that is exactly 
what it is - it just involves some data munging in addition to typical 
Database -> JDBC -> Java Object conversions.

If you need to maintain the ability to change keys/algorithms etc., wrap 
the algorithm in a Strategy object dynamically loaded via reflection 
(OJB has lots of examples of this) and put the key in a properties 
object. It will take 15 more lines of code, but is infinitely more 
flexible.

-Brian
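
Added example, not part of the original thread and not OJB code: a sketch of the conversion discussed above, storing base64 text and computing the column space the encrypted value needs. Assumptions: the local `Conversion` interface stands in for OJB's FieldConversion, AES-GCM is chosen here because the thread names no cipher (its overhead is an IV and a tag rather than block padding), and the key and sample value are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EncryptedFieldDemo {
    // Local stand-in for OJB's FieldConversion (assumed shape: javaToSql / sqlToJava).
    interface Conversion { Object javaToSql(Object v); Object sqlToJava(Object v); }
    // Hypothetical converter: column holds base64(iv || ciphertext || tag).
    static final class AesGcmConversion implements Conversion {
        static final int IV = 12, TAG = 16;           // sizes in bytes
        private final SecretKeySpec key;
        AesGcmConversion(byte[] rawKey) { key = new SecretKeySpec(rawKey, "AES"); }
        public Object javaToSql(Object v) {
            if (v == null) return null;               // NULL columns stay NULL
            try {
                byte[] iv = new byte[IV];
                new SecureRandom().nextBytes(iv);     // fresh IV for every stored value
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG * 8, iv));
                byte[] ct = c.doFinal(((String) v).getBytes(StandardCharsets.UTF_8));
                byte[] out = Arrays.copyOf(iv, IV + ct.length);
                System.arraycopy(ct, 0, out, IV, ct.length);
                return Base64.getEncoder().encodeToString(out);
            } catch (Exception e) { throw new IllegalStateException(e); }
        }
        public Object sqlToJava(Object v) {
            if (v == null) return null;
            try {
                byte[] in = Base64.getDecoder().decode((String) v);
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG * 8, in, 0, IV));
                return new String(c.doFinal(in, IV, in.length - IV), StandardCharsets.UTF_8);
            } catch (Exception e) { throw new IllegalStateException(e); } // also on tampering
        }
        // Column sizing: bytes for a RAW column, characters for a base64 text column.
        static int rawBytes(int plain) { return IV + plain + TAG; }
        static int base64Chars(int plain) { return 4 * ((rawBytes(plain) + 2) / 3); }
    }
    public static void main(String[] args) {
        Conversion conv = new AesGcmConversion(new byte[32]); // constructed all-zero demo key
        String stored = (String) conv.javaToSql("MRN-12345"); // constructed 9-byte sample
        System.out.println(stored.length() + " == " + AesGcmConversion.base64Chars(9));
        System.out.println(conv.sqlToJava(stored));
    }
}
```

Size the column from the longest plaintext in bytes, not characters, since UTF-8 values can be longer than their character count.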


Re: encryption

Posted by "David C. Hicks" <dh...@i-hicks.org>.
I would tend to agree with this.  It is highly unlikely that you'll 
change algorithms once your application is deployed.  It certainly 
doesn't make much sense to mix algorithms unless you're seriously 
paranoid.  Using a FieldConversion object also keeps your application 
developer (you may be the same person) from having to do the encryption 
work.  One possible drawback is that you may want to use different 
encryption keys for different fields.  Using a FieldConversion would 
make that more difficult.  Just something to think about.

I found when doing some encryption work earlier this year that Oracle's 
RAW column type was the right choice in order to store the data after 
encryption.  You also have to make sure that you provide enough space 
for any padding bytes that your encryption algorithm may add to the data.

Dave

Conall O'Raghallaigh wrote:

>I would think separate converter classes for the various algorithms, but I
>haven't gotten far enough into it to know what makes the most sense.
>
>-Conall


Re: encryption

Posted by Conall O'Raghallaigh <co...@medicineman.com>.
I would think separate converter classes for the various algorithms, but I
haven't gotten far enough into it to know what makes the most sense.

-Conall

----- Original Message -----
From: "Jason McKerr" <mc...@nacse.org>
To: "OJB Users List" <oj...@db.apache.org>
Sent: Tuesday, June 10, 2003 11:01 AM
Subject: Re: encryption


> I haven't tried it in a FieldConversion method. I just use a simple
> encrypt method for certain columns.
>
> Would you create a conversion method for different hashing algo's (i.e.
> one for SHA-1 and one for MD5) or make it a parameter somehow?
>
> Jason
>
>
> On Tue, 2003-06-10 at 10:56, Conall O'Raghallaigh wrote:
> > Hi,
> >
> > I'm using OJB with Oracle and have a requirement to encrypt certain columns
> > in the database. I was thinking of doing the encryption/decryption work in a
> > FieldConversion object. Does anyone have any experience/suggestions on this?
> > Do you think it's a good idea to do this in the FieldConversion, or should
> > it be kept completely out of the data access layer?
> >
> > Thanks for your help,
> >
> > Conall
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: ojb-user-unsubscribe@db.apache.org
> > For additional commands, e-mail: ojb-user-help@db.apache.org


Re: encryption

Posted by Jason McKerr <mc...@nacse.org>.
I haven't tried it in a FieldConversion method. I just use a simple
encrypt method for certain columns.

Would you create a conversion method for different hashing algo's (i.e.
one for SHA-1 and one for MD5) or make it a parameter somehow?

Jason


On Tue, 2003-06-10 at 10:56, Conall O'Raghallaigh wrote:
> Hi,
> 
> I'm using OJB with Oracle and have a requirement to encrypt certain columns
> in the database. I was thinking of doing the encryption/decryption work in a
> FieldConversion object. Does anyone have any experience/suggestions on this?
> Do you think it's a good idea to do this in the FieldConversion, or should
> it be kept completely out of the data access layer?
> 
> Thanks for your help,
> 
> Conall