http://www.pythian.com/news/422/why-encryption-didnt-save-tjx/ News and views from Pythian DBAs Fri, 10 Feb 2012 13:01:25 +0000 hourly 1 http://wordpress.org/?v=3.0.4 http://www.pythian.com/news/422/why-encryption-didnt-save-tjx/#comment-35410 Alex Gorbachev Mon, 09 Apr 2007 00:45:26 +0000 http://www.pythian.com/blogs/422/why-encryption-didnt-save-tjx#comment-35410 As we had a discussion about it with Paul, I recalled that we've been involved in couple projects encrypting sensitive data in Oracle database. In one project, there was so called secure key server that was responsible for providing client a key used to encrypt and decrypt the data. Another project is based on decryption/encryption server where server itself does encryption/decryption with data sent over SSL encoded connection. Interesting that in both cases, vulnerable information is used over and over again in its non-encrypted original form leaving an intruder a chance to capture that sensitive data. Both products/vendors are "certified" with well known these days security standards. As we had a discussion about it with Paul, I recalled that we’ve been involved in couple projects encrypting sensitive data in Oracle database.
In one project, there was so called secure key server that was responsible for providing client a key used to encrypt and decrypt the data. Another project is based on decryption/encryption server where server itself does encryption/decryption with data sent over SSL encoded connection.
Interesting that in both cases, vulnerable information is used over and over again in its non-encrypted original form leaving an intruder a chance to capture that sensitive data. Both products/vendors are “certified” with well known these days security standards.

]]>