I have just discovered about Stack Overflow and I am just checking if you will find suggestions for a constraint I am getting with a few buddies inside a project, though this really is much more of a theoretical question that I have been looking for a solution for a while.

I am very little given into cryptography but when I am not obvious enough I'll attempt to edit/comment to explain any queries.

Attempting to be brief, the atmosphere is one thing such as this:

  • A credit card applicatoin in which the front-finish as use of secure/decrypt secrets and also the back-finish is simply employed for storage and queries.

  • Getting a database that you cannot connect for a few fields for instance let us say "address" that is text/varchar as always.

  • You do not have the key for decrypting the data, and all sorts of information involves the database already encoded.

The primary issue is something similar to this, how you can consistently make queries around the database, you can't really do things like "where address like '%F§YU/´~#JKSks23%'". (IF there's anybody feeling by having an answer with this you can shoot it).

But could it be ok to complete where address='±!NNsj3~^º-:'? Or wouldn't it also completely consume the database?

Another restrain that may apply would be that the front-end does not cash processing energy available, so already encrypting/decrypting information begins to push it to the limits. (Saying this simply to avoid replies like "Conveying a join of tables towards the front-end and query it there".)

Could someone point me inside a direction to help keep considering it?


Well thank you for so quick replies at 4 AM, for the initial usage I am really feeling impressed with this particular community. (Or possibly I am it is simply for that different time zone)

Just feeding some good info:

The primary problem encompasses partial matching. Like a mandatory requirement in many databases would be to allow partial matches. The primary constraint is really the database owner wouldn't be permitted to appear within the database for information. Throughout the final ten minutes I have develop a potential solution which stretches again to possible database problems, that I'll add here:

Possible means to fix allow semi partial matching:

  • The password + a few public fields from the user are really the important thing for encrypting. For authentication the concept would be to secure a static value and compare it inside the database.
  • Developing a new group of tables where details are saved inside a parsed way, meaning something similar to: "fourth Street" would become 2 encoded rows (one for '4th' another for 'Street'). This could already allow semi-partial matching like a search would be able to be carried out around the separate tables.

New question:

  • Would this most likely consume the database server again, or does anybody believe it is a viable solution for that partial matching problem?

Publish Scriptum: I have unaccepted the solution from Cade Roux simply to permit further discussion and specifically a potential response to the brand new question.

It can be done how you describe - effectively querying the hash, say, there is however very few systems with this requirement, because at that time the safety needs are disturbing other needs for that system to become functional - i.e. no partial matches, because the file encryption rules that out. It is the same issue with compression. Years back, in an exceedingly small atmosphere, I needed to compress the information before putting it within the data format. Obviously, individuals fields couldn't be easily looked.

Inside a more typical application, ultimately, the secrets will be open to someone within the chain - most likely the net server.

For consumer traffic SSL safeguards that pipe. Some network switches can safeguard it between web server and database, and storing encoded data within the database is okay, but you are not likely to query on encoded data like this.

And when the information is displayed, it's available around the machine, so any general purpose computing device could be circumvented at that time, and you've got perimeter protection outdoors of the application which really come up.

why don't you secure the disk holding the database tables, secure the database connections, and allow the database operate normally?

[i do not really comprehend the context/contraints that need this degree of paranoia]

EDIT: "law constraints" right? I really hope you are not involved with anything illegal, I'd hate to become an accidental accessory... -)

when the - ahem - legal constraints - pressure this solution, then that's all there's to become done - no LIKE matches, and slow response when the client machines can't handle it.