Encrypting your users’ data is no longer optional

Dimitri Merejkowsky on January 22, 2019

While balancing privacy and innovation is one of today’s most critical issues in technology development, let’s identify data encryption’s opportu...

This is an interesting thought experiment. I am curious how base functionality would be implemented.

Suppose I'm using PostgreSQL, and I encrypt the contents of every column at the application level before inserting values into the database.

How does one provide general search functionality, when the database engine cannot see the column values?

SELECT *
FROM customers
WHERE first_name LIKE 'DIMITRI%'
   OR last_name LIKE 'DIMITRI%'

How does one provide reporting functionality, when the database engine cannot see the column values?

SELECT sum(amount)
FROM card_transactions
WHERE amount >= 10
  AND amount <= 20
  AND transaction_timestamp >= '2019-01-01T00:00:00'
  AND transaction_timestamp <= '2019-01-31T23:59:59'
  AND processor = 'stripe'
 

This is an interesting thought experiment

Thanks for your feedback! As for encrypting databases, you have to realize you cannot encrypt indexed columns.

Some ideas:

  • Don't encrypt metadata that is required server-side
  • Do search client-side, or build an encrypted index

Cheers!
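The "encrypted index" idea from the reply above, sketched as an added example that is not part of either comment or of the article: a client-side blind index that answers the `LIKE 'DIMITRI%'` query from the first comment without the database seeing names. The key, the table layout, the prefix bounds and the function names are all assumptions, and the ciphertext is passed in as an opaque blob because the encryption step itself is out of scope here.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption): in practice it stays client-side and is
# distinct from the key that encrypts the row itself.
INDEX_KEY = b"constructed-demo-index-key-0001"
MIN_PREFIX, MAX_PREFIX = 3, 8  # assumed bounds on searchable prefix length


def token(field, text):
    """Keyed, deterministic token for one normalized prefix of one field."""
    msg = f"{field}\x00{text}".encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()[:32]


def prefix_tokens(field, value):
    """Tokens for every indexed prefix length; normalize before slicing."""
    value = value.casefold()
    top = min(len(value), MAX_PREFIX)
    return {token(field, value[:n]) for n in range(MIN_PREFIX, top + 1)}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, ciphertext BLOB)")
    db.execute("CREATE TABLE customer_idx (tok TEXT, customer_id INTEGER)")
    db.execute("CREATE INDEX idx_tok ON customer_idx (tok)")
    return db


def insert(db, ciphertext, first_name, last_name):
    """Store the opaque row plus blind-index tokens for both name fields."""
    cur = db.execute("INSERT INTO customers (ciphertext) VALUES (?)", (ciphertext,))
    toks = prefix_tokens("first_name", first_name)
    toks |= prefix_tokens("last_name", last_name)
    db.executemany("INSERT INTO customer_idx VALUES (?, ?)",
                   [(t, cur.lastrowid) for t in toks])
    return cur.lastrowid


def search_prefix(db, prefix):
    """first_name LIKE 'p%' OR last_name LIKE 'p%', evaluated over tokens."""
    prefix = prefix.casefold()
    if not MIN_PREFIX <= len(prefix) <= MAX_PREFIX:
        raise ValueError("prefix length outside indexed range")
    toks = (token("first_name", prefix), token("last_name", prefix))
    rows = db.execute("SELECT DISTINCT customer_id FROM customer_idx "
                      "WHERE tok IN (?, ?) ORDER BY customer_id", toks)
    return [r[0] for r in rows]
```

Tokens are deterministic, so the database still learns which rows share a name prefix; that equality leakage is the price of server-side matching. The `sum(amount)` range query from the first comment is not covered by this kind of index.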
