Reply to post: Re: encryption doesn't help?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief


Re: encryption doesn't help?

The point is really whether the database itself is compromised, or the code that accesses it.

If the database is compromised but the codebase is secure, then keys in the code are secure, and the database is worthless.

It is even possible to locate the key somewhere else in a hidden file so that even if the code is known, the key is not.

Nothing is secure on a rooted machine, but a lot can be made secure on a machine that is not rooted. But is still hacked.

The point about SQL injection is that it exposes some or all of the tables, not the code base or the machines total file system

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021