re: Encrypting your users’ data is no longer optional VIEW POST

VIEW FULL DISCUSSION
 

This is an interesting thought experiment. I am curious how base functionality would be implemented.

Suppose I'm using Postgresql, and I encrypt the contents of every column at the application level before inserting values into the database.

How does one provide general search functionality, when the database engine cannot see the column values?

SELECT *
FROM customers
WHERE first_name LIKE 'DIMITRI%'
   OR last_name LIKE 'DIMITRI%'

How does one provide reporting functionality, when the database engine cannot see the column values?

SELECT sum(amount)
FROM card_transactions
WHERE amount >= 10
  AND amount <= 20
  AND transaction_timestamp >= '2019-01-01T00:00:00'
  AND transaction_timestamp <= '2019-01-31T23:59:59'
  AND processor = 'stripe'
 

This is an interesting thought experiment

Thanks for your feedback!. As for encrypting databases, you have to realize you cannot encrypt indexed columns.

Some ideas:

  • Don't encrypt metadata that is required server-side
  • Do search client-side, or build an encrypted index

Cheers!

code of conduct - report abuse