I was wondering if files containing sensitive information are safe in the internal storage of my application or if I should encrypt them as well. I’m asking about an average tech-savvy person being able to access the files. An expert in the Cyber-Security field will be able I guess.
You cannot assume that data is secure unless it is encrypted when stored. You can choose either to enable encryption for certain tables, columns etc at the database level (if the DB provides the functionality), or if you want to remain database agnostic then you can choose to encrypt the data prior to writing it to the database. The latter also allows you to secure data regardless of where it gets stored and allows more fine grained control over what get encrypted. You could even choose to redact data within a single field if required.
webMethods provides services (as of 10.11) to allow you to easily encrypt/decrypt data if you want to do this programatically via the WmPublic package.
pub.security:decrypt
pub.security:decryptAndVerify
pub.security:encrypt
regards,
John.
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.