Reply to post: Re: In what way do you assert that excerpt requires

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

itzman

Re: In what way do you assert that excerpt requires

Just because there is a way to access the data, doesn't invalidate encrypting it. I.e. the ability to access your OWN data does not mean you can access everyone else's.

What good encryption does is to ensure that someone who copies the entire database alone cannot get access to reams of data.

However there is a downside to encrypting all of the customer data. SQL queries no longer work on fields that are encrypted.

And if you build the ability to search the encrypted database into the SQL level, then once again you are vulnerable to SQL injection.
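
The trade-off described in the comment above, as an added example that is not part of the original post: a constructed SQLite table whose account column is encrypted by the application, so a SQL-level filter matches nothing and a copy of the table holds no plaintext, while code holding the key can still search. The table, values, function names and the standard-library stand-in cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

KEY = os.urandom(32)  # assumption: held by the application, never stored in the database

def _keystream(nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real system would use an AEAD such as AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(plaintext: str) -> bytes:
    data = plaintext.encode()
    nonce = os.urandom(16)  # fresh nonce: equal plaintexts give different ciphertexts
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, account BLOB)")
    rows = [(1, "alice", "12345678"), (2, "bob", "12345678"), (3, "carol", "87654321")]  # constructed
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [(i, n, encrypt(a)) for i, n, a in rows])
    return db

def sql_search(db: sqlite3.Connection, account: str) -> list:
    # Filtering inside the database: the engine only ever sees ciphertext, so nothing matches.
    return db.execute("SELECT name FROM customers WHERE account = ?", (account,)).fetchall()

def app_search(db: sqlite3.Connection, account: str) -> list:
    # Filtering in the application: fetch rows, decrypt with the key, then compare.
    rows = db.execute("SELECT name, account FROM customers ORDER BY id").fetchall()
    return [name for name, blob in rows if decrypt(blob) == account]

def stolen_copy_leaks(db: sqlite3.Connection, needle: str) -> bool:
    # What a copy of the table alone reveals: is the plaintext visible in any stored value?
    return any(needle.encode() in blob for (blob,) in db.execute("SELECT account FROM customers"))

if __name__ == "__main__":
    db = build_db()
    print(sql_search(db, "12345678"), app_search(db, "12345678"), stolen_copy_leaks(db, "12345678"))
```

Both queries pass the search value as a bound parameter rather than concatenating it into the SQL text.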
