Issue #22: Database File Encryption

Type: Feature Request | Version: 1.4.0 | Priority: Normal | Status: Active | Replies: 2
#1

ObjectDB supports encryption of client-server communication over the network using SSL.

Encryption of data in database files is less commonly used, since it slows the database.
In addition, when necessary, external encryption can be used (e.g. at the operating system level).

Still, this can be a nice-to-have feature in some applications.

ObjectDB Support
#2

Our company works in the healthcare space and also transacts payments.  Secondly, we host our software in the cloud.  In order to be HIPAA or PCI compliant, we must encrypt certain data elements so that if someone got a hold of our DB file, were able to inspect the disk, etc., the critical or sensitive data MUST be encrypted.  There are options such as using an encrypted file system, but you will pay a performance penalty.  This also means that the entire DB is encrypted which is okay, but if performance is an issue and only a small percent of your data is encrypted, it appears you're paying a pretty high penalty.

My suggestions would be something like the following:

 

    @Encrypt("blowfish","some_public_key")
    public class Test {
        String myString;
    }

or

    public class Test {
        @Encrypt("AES","some_public_key") String myEncryptedString;
        String plainTextString;
    }

Annotations could indicate whether a class is encrypted or just certain fields in the class are encrypted.  One could pass in the encryption type and optionally, a public key.

This would mean that ObjectDB would need to provide some sort of "wallet" for storing the private keys (see Oracle).

In our world, not a lot of data needs to be encrypted, so performance for the majority of the system would not suffer, but there are very critical elements (credit card numbers, patient information, etc.) that must be protected.

Thanks

#3

Hi, we have a similar request. We are running a Police records management system on top of ObjectDB and store very sensitive data.

Proposed solution by mrbahr2003 would be satisfactory.

Kind regards.

 
