Posted to user@ofbiz.apache.org by Pierre Smits <pi...@gmail.com> on 2017/11/20 12:57:55 UTC

Re: Privacy laws

Hi Harry,

As far as I can tell, we don't have any information on hand regarding the
applicable laws that are applied to personal information stored in OFBiz.

Are you questioning this in relation to GDPR compliance?

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OEM - The OFBiz Extensions Marketplace [1]
http://oem.ofbizci.net/oci-2/
[1] not affiliated to (and not endorsed by) the OFBiz project

On Mon, Nov 20, 2017 at 1:22 PM, harry mead <ha...@hotmail.co.uk>
wrote:

> Hi everyone,
>
> Does anyone know the privacy laws (I'm based in the UK) regarding the
> personal information that is handled and stored on Apache OFBiz, and if so
> the best way to go about it?
>
> Thanks in advance
>
> Sent from my iPhone

Re: Privacy laws

Posted by Jacques Le Roux <ja...@les7arts.com>.
On 21/11/2017 at 04:02, Paul Foxworthy wrote:
> Hi Harry,
>
> On 21 November 2017 at 01:51, harry mead <ha...@hotmail.co.uk> wrote:
>
>
>> Is all the data automatically encrypted on Apache OFBiz, or is there a
>> process to ensure that we have fulfilled all of the GDPR requirements and
>> the law?
>>
> "automatically encrypted" applies to several different facets of an
> application. For example, you would use TLS to encrypt data in transit from
> a browser.
>
> One security risk is that someone with basic file read permissions can dump
> the contents of a data file used by a DBMS with software other than the
> DBMS, and extract sensitive information like credit card numbers. Some
> databases have the option of transparently encrypting all data "at rest",
> sometimes known as Transparent Data Encryption (TDE), which eliminates that
> risk. It's "transparent" in the sense that the data is encrypted while at
> rest in a data file, without you doing anything different in your
> application or your queries. TDE will add some processing overhead and will
> mean your data does not compress well.
>
> MariaDB can do this (
> https://mariadb.com/kb/en/library/data-at-rest-encryption/), as can Oracle
> and Microsoft SQL Server. I'm no Postgres expert, but from what I've seen I
> think you need to call encryption functions as you store data, so it's not
> transparent.
>
> Cheers
>
> Paul Foxworthy
>
Also, you can encrypt data using encrypt="true" for a field.

Have a look at
     <entity entity-name="CreditCard"
and
     <field name="cardNumber" type="credit-card-number" encrypt="true"></field>

HTH

Jacques
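
Added example (not part of Jacques's message and not OFBiz project code): a small audit that parses an entity model XML document and reports which fields carry the encrypt attribute mentioned above and which sensitive-looking fields do not. The sample XML is constructed, the Person entity's field list is an assumption, and the SENSITIVE name patterns are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the CreditCard entity quoted above; the
# Person entity and its field list are assumptions for illustration.
SAMPLE_ENTITYMODEL = """\
<entitymodel>
  <entity entity-name="CreditCard">
    <field name="paymentMethodId" type="id"></field>
    <field name="cardNumber" type="credit-card-number" encrypt="true"></field>
    <field name="expireDate" type="short-varchar"></field>
  </entity>
  <entity entity-name="Person">
    <field name="partyId" type="id"></field>
    <field name="socialSecurityNumber" type="long-varchar"></field>
    <field name="passportNumber" type="long-varchar" encrypt="false"></field>
  </entity>
</entitymodel>
"""

# Hypothetical name patterns for fields worth reviewing; tune to your data model.
SENSITIVE = re.compile(r"card|passport|socialSecurity|password|account", re.I)


def audit_entitymodel(xml_text):
    """Return (encrypted, review) lists of 'Entity.field' names."""
    root = ET.fromstring(xml_text)
    encrypted, review = [], []
    for entity in root.iter("entity"):
        ename = entity.get("entity-name", "?")
        for field in entity.findall("field"):
            fname = field.get("name", "")
            # An absent attribute or encrypt="false" means no field-level encryption.
            if field.get("encrypt", "false").lower() != "false":
                encrypted.append(f"{ename}.{fname}")
            elif SENSITIVE.search(fname):
                review.append(f"{ename}.{fname}")
    return encrypted, review


if __name__ == "__main__":
    enc, todo = audit_entitymodel(SAMPLE_ENTITYMODEL)
    print("encrypted:", enc)
    print("sensitive-looking, not encrypted:", todo)
```

Run it against your own entity model files by passing their contents to audit_entitymodel; a name match is only a prompt for review, not proof that a field holds personal data.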


Re: Privacy laws

Posted by Paul Foxworthy <pa...@cohsoft.com.au>.
Hi Harry,

On 21 November 2017 at 01:51, harry mead <ha...@hotmail.co.uk> wrote:


> Is all the data automatically encrypted on Apache OFBiz, or is there a
> process to ensure that we have fulfilled all of the GDPR requirements and
> the law?
>

"automatically encrypted" applies to several different facets of an
application. For example, you would use TLS to encrypt data in transit from
a browser.

One security risk is that someone with basic file read permissions can dump
the contents of a data file used by a DBMS with software other than the
DBMS, and extract sensitive information like credit card numbers. Some
databases have the option of transparently encrypting all data "at rest",
sometimes known as Transparent Data Encryption (TDE), which eliminates that
risk. It's "transparent" in the sense that the data is encrypted while at
rest in a data file, without you doing anything different in your
application or your queries. TDE will add some processing overhead and will
mean your data does not compress well.

MariaDB can do this (
https://mariadb.com/kb/en/library/data-at-rest-encryption/), as can Oracle
and Microsoft SQL Server. I'm no Postgres expert, but from what I've seen I
think you need to call encryption functions as you store data, so it's not
transparent.

Cheers

Paul Foxworthy

-- 
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Australia

Phone: +61 3 9585 6788
Web: http://www.coherentsoftware.com.au/
Email: info@coherentsoftware.com.au

Re: Privacy laws

Posted by Pierre Smits <pi...@gmail.com>.
Hi Harry,

Thank you for the prompt reply.

With your answer I can state: nothing of the sort is available OOTB.

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OEM - The OFBiz Extensions Marketplace [1]
http://oem.ofbizci.net/oci-2/
[1] not affiliated to (and not endorsed by) the OFBiz project

On Mon, Nov 20, 2017 at 3:51 PM, harry mead <ha...@hotmail.co.uk>
wrote:

> Hi Pierre,
>
>
> Thanks for the quick response,
>
>
> Yes, this is in relation to GDPR compliance.
>
>
> Currently it is going to all be based in the UK, then expanded.
>
> Is all the data automatically encrypted on Apache OFBiz, or is there a
> process to ensure that we have fulfilled all of the GDPR requirements and
> the law?
>
>
> Many thanks,
>
>
> Harry
>
> ________________________________
> From: Pierre Smits <pi...@gmail.com>
> Sent: 20 November 2017 12:57
> To: user@ofbiz.apache.org
> Subject: Re: Privacy laws
>
> Hi Harry,
>
> As far as I can tell, we don't have any information on hand regarding the
> applicable laws that are applied to personal information stored in OFBiz.
>
> Are you questioning this in relation to GDPR compliance?
>
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM <http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OEM - The OFBiz Extensions Marketplace [1]
> http://oem.ofbizci.net/oci-2/
> [1] not affiliated to (and not endorsed by) the OFBiz project
>
> On Mon, Nov 20, 2017 at 1:22 PM, harry mead <ha...@hotmail.co.uk>
> wrote:
>
> > Hi everyone,
> >
> > Does anyone know the privacy laws (I'm based in the UK) regarding the
> > personal information that is handled and stored on Apache OFBiz, and if so
> > the best way to go about it?
> >
> > Thanks in advance
> >
> > Sent from my iPhone
>

Re: Privacy laws

Posted by harry mead <ha...@hotmail.co.uk>.
Hi Pierre,


Thanks for the quick response,


Yes, this is in relation to GDPR compliance.


Currently it is going to all be based in the UK, then expanded.

Is all the data automatically encrypted on Apache OFBiz, or is there a process to ensure that we have fulfilled all of the GDPR requirements and the law?


Many thanks,


Harry

________________________________
From: Pierre Smits <pi...@gmail.com>
Sent: 20 November 2017 12:57
To: user@ofbiz.apache.org
Subject: Re: Privacy laws

Hi Harry,

As far as I can tell, we don't have any information on hand regarding the
applicable laws that are applied to personal information stored in OFBiz.

Are you questioning this in relation to GDPR compliance?

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OEM - The OFBiz Extensions Marketplace [1]
http://oem.ofbizci.net/oci-2/
[1] not affiliated to (and not endorsed by) the OFBiz project

On Mon, Nov 20, 2017 at 1:22 PM, harry mead <ha...@hotmail.co.uk>
wrote:

> Hi everyone,
>
> Does anyone know the privacy laws (I'm based in the UK) regarding the
> personal information that is handled and stored on Apache OFBiz, and if so
> the best way to go about it?
>
> Thanks in advance
>
> Sent from my iPhone