Cryptography in the Database is out. If you're responsible for securing sensitive information in a database, then I wrote this book for you. It's the book that I wish I'd had when I was first put in charge of securing data.
Here is the publisher's site and more information.
Stephen Northcutt, in his review, mentioned that the only thing that drove him crazy was my claim that Java 1.4.2 doesn't support hardware security modules. It is more accurate to say that while Java 1.4.2 does not support HSMs natively, many HSM vendors include Java cryptographic providers that enable transparent calls to the HSM from within Java.
I've read the book, and greatly appreciate it - thank you. I am curious to know when the sample code will be available.
Do you have any thoughts on how your cryptographic structure would differ if it was built into the database server, rather than added on as in your example code?
In chapter 4, you discuss local engines but only as libraries loaded with (or by) the application. There is no discussion of whether you can create more secure local engines using a separate process and an appropriate IPC (inter-process communication) mechanism. Do you have reasons for not mentioning this?
Posted by: Jonathan Leffler | January 03, 2006 at 10:07 AM
the "Once a few more more publishing details are wrapped up, I'll make the source code available." isn't tenable 3 months after publication [Oct 19] when the "3,000 lines of downloadable code" has been clearly promised. - cough up c0deshop !
Posted by: Dick Baker | January 10, 2006 at 09:31 AM
We are implementing encrypting some columns in some tables. The fields are all read only (set once). After a column is set, we only decrypt it when needed.
Is Key Fatigue an issue for this type of application?
Posted by: Brian Beuning | July 07, 2006 at 12:45 PM