[thelist] Sensitive information on the web

Martin Burns martin at easyweb.co.uk
Thu Nov 4 15:46:28 CDT 2010


On 3 Nov 2010, at 15:39, Hassan Schroeder wrote:

> OTOH, while keeping it online in a DB is also a potential exposure,
> it's a lot easier to track access, as well as offer better management
> (auditing, reporting).


If it's actual *sensitive* personal information
(UK legal definition: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx )
you really should be encrypting *before* putting it in the db, even if the db has good access controls on it.

Score double if your db is on a different box to the webserver - you need to encrypt before it leaves the webserver box.

Cheers
Martin

--
> Spammers: Send me email -> yumyum at easyweb.co.uk to train my filter
> http://dspam.nuclearelephant.com/
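
Added example, not part of the original post: one way the web application can encrypt a sensitive column before the row leaves the web server, so the database box only ever receives ciphertext. The table and column names, the use of AES-GCM from the Python `cryptography` package, and the in-memory SQLite database standing in for the remote db are all assumptions made for illustration.

```python
import os
import sqlite3
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: the key lives only on the web server (secrets manager, KMS),
# never in the database. Generated here so the example runs offline.
KEY = AESGCM.generate_key(bit_length=256)

def open_db():
    # In-memory SQLite stands in for the database on the other box.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, "
                 "sensitive_note BLOB)")
    return conn

def _aad(row_id, column):
    # Binding the ciphertext to its row and column means a blob copied into
    # another row fails authentication instead of decrypting silently.
    return f"person:{column}:{row_id}".encode()

def encrypt_field(key, row_id, column, plaintext):
    nonce = os.urandom(12)  # fresh 96-bit nonce for every encryption
    ct = AESGCM(key).encrypt(nonce, plaintext.encode(), _aad(row_id, column))
    return nonce + ct       # stored layout: nonce || ciphertext || tag

def decrypt_field(key, row_id, column, blob):
    pt = AESGCM(key).decrypt(blob[:12], blob[12:], _aad(row_id, column))
    return pt.decode()

def store(conn, key, row_id, name, note):
    # Encryption happens here, on the web server, before the INSERT is sent.
    blob = encrypt_field(key, row_id, "sensitive_note", note)
    conn.execute("INSERT INTO person VALUES (?, ?, ?)", (row_id, name, blob))

def load(conn, key, row_id):
    (blob,) = conn.execute("SELECT sensitive_note FROM person WHERE id = ?",
                           (row_id,)).fetchone()
    return decrypt_field(key, row_id, "sensitive_note", blob)

if __name__ == "__main__":
    db = open_db()
    store(db, KEY, 1, "A. Example", "constructed sample value")
    store(db, KEY, 2, "B. Example", "another constructed value")
    print("what the db holds:", db.execute(
        "SELECT sensitive_note FROM person WHERE id = 1").fetchone()[0].hex())
    print("what the app reads:", load(db, KEY, 1))
    other = db.execute("SELECT sensitive_note FROM person WHERE id = 2").fetchone()[0]
    db.execute("UPDATE person SET sensitive_note = ? WHERE id = 1", (other,))
    try:
        load(db, KEY, 1)
    except InvalidTag:
        print("row 2's blob pasted into row 1 is rejected")
```

Access logging and auditing on the db still apply to the encrypted rows; what changes is that a database dump or a sniffed connection between the two boxes yields only ciphertext.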






