
Encrypting data in transit


    #11
    Just reverse the byte stream until it gets to the destination.

    Nobody is going to know any different.



      #12
      Originally posted by rocketjet
      If all you need to do is to encrypt data between two nodes using https then I suggest you research TLS and certificates. Not sure your exact requirements but most web servers such as IIS, Apache, nginx, etc support TLS. If you are using a broker such as RabbitMQ this supports TLS too.

      https://en.m.wikipedia.org/wiki/Tran...Layer_Security

      https://www.rabbitmq.com/ssl.html

      Feel free to PM me if you need more info.
      Cheers for that - when I spoke to our network guys they started banging on about security in the application - but I guess there are two things to consider

      1) The application talking to the database.
      2) The application talking to another application.

      Can you approach both of these in the same way or do they need to be considered differently?



        #13
        I would be pretty sure these would always be done differently. SQL connections can be encrypted fairly easily by configuration on most databases.

        Between applications I would suggest just writing some encryption code in the application (which is a small job) and passing round public keys.



          #14
          Originally posted by original PM
          Thanks much appreciated!

          In terms of what they want - they have no idea - KPMG have come in and said here are your GDPR gaps and so they are saying they need it. (note it is not even a GDPR gap as nowhere does GDPR insist on having encrypted messages within a firewall network)

          But they do not really know what benefit it actually gives as they are just box ticking morons.
          Lots of places unencrypt traffic as soon as it gets inside their network. It's about where your controls for such things sit. If a customer fires over a CC number to your site, you'll need to unencrypt it eventually or you'd never be able to process it. And you might want to watch what customers are doing on your site, to check they're not up to any funny business, again, which you can only see if it's in the clear at some point before the servers.
          As long as you can demonstrate that the area of the network where those things travel unencrypted is secure, then that's probably enough, but you will get someone trying to score easy audit-points saying that you have to have it encrypted anyway, and because it's possible and the higher-ups will be risk-averse, then you'll end up doing it.



            #15
            Originally posted by original PM
            Cheers for that - when I spoke to our network guys they started banging on about security in the application - but I guess there are two things to consider

            1) The application talking to the database.
            2) The application talking to another application.

            Can you approach both of these in the same way or do they need to be considered differently?
            I think you need the client to clarify the requirements. They need to provide more information in regards to what level of encryption is required as there are many ciphers/algorithms: AES-128-CBC, AES-256-CBC, AES-128-GCM, etc. Then we come onto the authentication, which can be as simple as a shared key between servers or use advanced PKI X.509 certificates, etc.

            Not sure what database product you are using but MS SQL Server supports TLS.

            https://support.microsoft.com/en-gb/...oft-sql-server



              #16
              Originally posted by original PM
              Woo hoo.

              So we have done our 'encrypting data at rest' bit of work.

              And now we are being told to 'encrypt data in transit'.

              Unsurprisingly I am getting a lot of different answers, none of which make sense.

              So let's assume we want to encrypt a web service - so it needs to be sent as an https message rather than http - I am being told we need to encrypt that somewhere in the application.

              However my understanding was that it is just a mode of transport for the message - so I could send the same message via either http or https but the one which goes via https is 'more secure' and 'more difficult for someone to intercept and read' than the one going via http.

              Appreciate this is a large topic but can anyone shed any light on this?

              https is an encrypted form of http.
              When your web browser connects to a web server using http then nobody asks for encryption. But if you connect to it using https then both parties agree to encrypt the connection.
              But encryption comes down to what the application is, what the client asks for and if the application offers an encryption protocol.
              I.e. your web server may support encrypted connections, but if the client asks for an unencrypted one then the connection will be unencrypted.
              Having said that, some web servers these days will redirect an http request to an https one so that encryption is enabled by default.


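Added example, not part of any post in the thread: a small Python configuration check for the two cases raised in #12 and answered in #15 and #16, flagging app-to-app endpoints that would be called over plain http and SQL Server connection strings that do not force TLS. The hostnames, sample settings and function names are constructed for illustration; `Encrypt` and `TrustServerCertificate` are SQL Server connection-string keywords.

```python
import ssl
from urllib.parse import urlsplit

def client_tls_context():
    """App-to-app: TLS settings for the calling side of an HTTPS request."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocol versions
    return ctx

def check_service_url(url):
    """Flag endpoints the client would call over plain http."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        return [f"{url}: scheme is '{scheme}', request is sent unencrypted"]
    return []

def check_sqlserver_conn(conn):
    """App-to-database: flag connection strings that do not force TLS.
    Simplified key=value parsing; quoted values containing ';' are not handled."""
    kv = {}
    for item in conn.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            kv[key.strip().lower()] = value.strip().lower()
    findings = []
    if kv.get("encrypt") not in ("yes", "true", "mandatory", "strict"):
        findings.append("Encrypt is not set to an enforcing value")
    if kv.get("trustservercertificate") in ("yes", "true"):
        findings.append("TrustServerCertificate is on, server certificate is not validated")
    return findings

# Constructed sample configuration; hostnames are placeholders.
SERVICES = ["http://orders.internal.example/api",
            "https://billing.internal.example/api"]
DATABASES = {
    "reporting": "Server=db1.internal.example;Database=rep;Encrypt=no",
    "orders": "Server=db2.internal.example;Database=ord;Encrypt=yes;TrustServerCertificate=no",
}

def audit():
    """Return one finding per endpoint or connection that is not protected in transit."""
    out = []
    for url in SERVICES:
        out += check_service_url(url)
    for name, conn in DATABASES.items():
        out += [f"{name}: {f}" for f in check_sqlserver_conn(conn)]
    return out

if __name__ == "__main__":
    print("\n".join(audit()))
```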