Database encryption or application level encryption?

Simon at LabSlice-com · Oct 23, 2010 · Viewed 10.4k times

When you need to store sensitive data such as CCs or SSNs, do you:

1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.

2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).

What trade-offs have you found for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in, an issue?

Answer

Mayo · Oct 23, 2010

I've used a variety of encryption techniques and I believe it is both easier and more secure to encrypt on the application side using a proven encryption routine (i.e. .NET libraries).

If you encrypt on the database, that means the data is sent to and from the database in unencrypted form. This potentially allows for snooping/tampering between the application and the encryption routines on the database. Even if you store the key on the application side, it is still required on the database side to perform encryption. If the database is compromised, your data is at serious risk (just imagine someone running profiler while your application runs).

If you encrypt/decrypt in the application, sensitive data (including the key) is never revealed outside of the application server. Someone would have to compromise both the Web server and database server to access all of your data.

Also, I would highly recommend you not roll your own encryption routine. Chances are you will make a mistake that will reduce the overall security of your solution.

EDIT:

Also wanted to add another factor that will influence your decision. Do you need to query off of that encrypted data? If you encrypt at the application level, you will need to bring the data to the application, decrypt, and work from there. This becomes prohibitive as the data set grows larger - whereas with database encryption you can filter the data before it is sent back to the application.
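The application-side approach the answer recommends, written out as an added example (not code from the question or answer, and in Go's standard library rather than the .NET libraries the answer mentions, since the pattern is the same): column values are sealed with AES-GCM using a library primitive rather than a hand-rolled routine, the key never leaves the application, and the database only ever stores nonce, ciphertext and tag. It also goes one step past the answer's EDIT: to keep equality lookups on the database side without decrypting everything, each row carries a keyed "blind index" (HMAC-SHA256 of the value under a second key), so a `WHERE ssn_idx = ?` filter can run in the database while the plaintext and both keys stay in the application. The key values, the `customers.ssn` context label and the three sample SSNs are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed test keys so the example runs offline; in production both keys
// come from an application-side secret store or KMS, never from the database.
var testEncKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var testIdxKey = []byte("constructed-blind-index-key-not-for-reuse")

// FieldCrypto pairs an AEAD for column values with a separate blind-index key,
// so an index token can never be turned back into plaintext.
type FieldCrypto struct {
	aead   cipher.AEAD
	idxKey []byte
}

func NewFieldCrypto(encKey, idxKey []byte) (*FieldCrypto, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCrypto{aead: aead, idxKey: idxKey}, nil
}

// Encrypt returns nonce || ciphertext || tag. The context ("table.column:rowid")
// is bound as associated data, so a value copied to another row fails to open.
func (f *FieldCrypto) Encrypt(plaintext []byte, context string) ([]byte, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return f.aead.Seal(nonce, nonce, plaintext, []byte(context)), nil
}

// Decrypt checks the tag and the context before releasing any plaintext.
func (f *FieldCrypto) Decrypt(blob []byte, context string) ([]byte, error) {
	ns := f.aead.NonceSize()
	if len(blob) < ns+f.aead.Overhead() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return f.aead.Open(nil, blob[:ns], blob[ns:], []byte(context))
}

// BlindIndex is a keyed, deterministic token (HMAC-SHA256) stored beside the
// ciphertext; the database can filter "WHERE ssn_idx = ?" on it without keys.
func (f *FieldCrypto) BlindIndex(value string) string {
	mac := hmac.New(sha256.New, f.idxKey)
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))
}

// Record is one row as it sits in the database: no plaintext SSN anywhere.
type Record struct {
	ID     int
	SSNEnc []byte
	SSNIdx string
}

// SampleTable builds a constructed three-row customers table.
func SampleTable(f *FieldCrypto) ([]Record, error) {
	ssns := []string{"123-45-6789", "987-65-4321", "555-55-5555"}
	var rows []Record
	for i, s := range ssns {
		ct, err := f.Encrypt([]byte(s), fmt.Sprintf("customers.ssn:%d", i+1))
		if err != nil {
			return nil, err
		}
		rows = append(rows, Record{ID: i + 1, SSNEnc: ct, SSNIdx: f.BlindIndex(s)})
	}
	return rows, nil
}

// FindBySSN stands in for the database-side filter: equality on the index
// column only, no decryption, so just the matching rows travel back.
func FindBySSN(rows []Record, f *FieldCrypto, ssn string) []int {
	want := f.BlindIndex(ssn)
	var ids []int
	for _, r := range rows {
		if r.SSNIdx == want {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

func main() {
	f, _ := NewFieldCrypto(testEncKey, testIdxKey)
	rows, _ := SampleTable(f)
	fmt.Println("rows matching 123-45-6789:", FindBySSN(rows, f, "123-45-6789"))
}
```

Two caveats a practitioner would weigh before copying this: the blind index only supports exact-match queries (no ranges, no `LIKE`), and because it is deterministic it reveals which rows share a value, so it belongs on fields where equality lookup is actually needed and the index key must be kept as carefully as the encryption key. Binding the row context as associated data is what stops a copied ciphertext from being silently accepted in another row, which is a check that a plain "encrypt then store" routine would miss.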