Client has number of staff who will be travelling with laptops and they want us to provide online/offline capability with data sync when internet connection is available. However they are concerned that confidential data in the SQL db will be at risk if a laptop is lost/stolen.
Sybase provide ability to encrypt databases but it seems that the encryption key needs to be entered each time the DB is started, or User prompted to enter the key - but this would not be acceptable. Has anyone resolved how to handle this in a Servoy offline scenario so that key is not visible in properties file etc
To start a database that is strongly encrypted or a database with strongly encrypted tables, you must specify the encryption key. You do this by including the -ep or -ek option when you start the database server. The -ep option indicates that you want to be prompted by a window to enter the encryption key. The key is not seen in plain text.
Well I had originally thought that the encryption key would be setup when a database is created and we then use a GRANT ALL statement to allow the ‘servoy’ connection full access.
However, the security is then compromised since anyone who knows the ‘servoy’ connection password can open the DB using Sybase Central.
Or am I missing something here - quite possible as it is only Monday
Well I have suggested that Full Disk Encryption would be easier to implement. However, while this would secure the laptop if lost/stolen it does not protect against an end User copying the database and using it for another venture - which has happened in the past so they very sensitive on this subject.
Your end users should never know the password to the Sybase database. You mentioned “the security is then compromised since anyone who knows the ‘servoy’ connection password can open the DB using Sybase Central.” This is exactly right. No matter what kind of encryption you do, if a user knows the username and password to the DB, then they can connect once the DB is started
Encrypting the DB. This is only useful for not allowing people direct access to the data, without knowing the db password, or going through the Servoy app. So, it keeps users from just copying the DB off to another machine, and doing a direct read of the data.
Sybase also has the Simple Encryption option, which is basically just obfuscation, but with Simple Encryption, you don’t have to specify a password. See: http://www.sybase.com/detail?id=1054418
So, if I were you, I would use Simple Encryption to obfuscate the data to prevent direct reads. And then don’t let any of the users know the password to the Sybase DB.
And if they are picky about security, you may want to change some JDBC settings. See: http://infocenter.sybase.com/help/topic … prjdbc.pdf
Like: ENCRYPT_PASSWORD = True //enable the password sent to the server to be encrypted