DEV Community

Discussion on: Encrypting your users’ data is no longer optional

Collapse
 
mitchjacksontech profile image
Mitch Jackson

This is an interesting thought experiment. I am curious how base functionality would be implemented.

Suppose I'm using Postgresql, and I encrypt the contents of every column at the application level before inserting values into the database.

How does one provide general search functionality, when the database engine cannot see the column values?

SELECT *
FROM customers
WHERE first_name LIKE 'DIMITRI%'
   OR last_name LIKE 'DIMITRI%'

How does one provide reporting functionality, when the database engine cannot see the column values?

SELECT sum(amount)
FROM card_transactions
WHERE amount >= 10
  AND amount <= 20
  AND transaction_timestamp >= '2019-01-01T00:00:00'
  AND transaction_timestamp <= '2019-01-31T23:59:59'
  AND processor = 'stripe'
Collapse
 
dmerejkowsky profile image
Dimitri Merejkowsky

This is an interesting thought experiment

Thanks for your feedback!. As for encrypting databases, you have to realize you cannot encrypt indexed columns.

Some ideas:

  • Don't encrypt metadata that is required server-side
  • Do search client-side, or build an encrypted index

Cheers!