Tuesday, 6 January 2015

How to secure sensitive data in application with message queue



Currently we are creating one small service, where we are using some sensitive data from users (not worth zillions, but to me it is like a password). The idea is that the application itself only inserts this data into the db and creates some jobs to run in a queue.


The problem is how to secure this sensitive data?


Currently the only good solution which I see is:


Encrypt and hash this data on the application server. So in the db we have a hash for verification/comparison, the encrypted encryption key and the encrypted data. The encryption key is encrypted with a public key.


On the queue worker server we have the private key, which allows us to decrypt and process the data.


Why I see this working: 1. In case of SQL injection, only encrypted data is compromised. 2. In case the application machine is compromised, there is still no private key to decrypt the data. 3. The queue worker server is quite isolated and sits under a firewall. So the private key is somehow safe.


Does this sound like a plan?
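
The scheme in the question, sketched as an added example (not code from the original post): envelope encryption with Node.js `crypto`, where the application server holds only the RSA public key and the queue worker holds the private key. The function names, the row layout, the record id used as AES-GCM associated data, and the keyed HMAC used in place of a bare hash are assumptions of this sketch; a bare hash of low-entropy data can be guessed offline from a leaked database.

```javascript
const crypto = require('crypto');

// Constructed demo keys. In the scheme above the private key exists only on the
// queue worker; the app server holds the public key and the HMAC lookup key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const lookupKey = crypto.randomBytes(32);
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// App server: build the row that goes into the database (hypothetical layout).
function sealForQueue(plaintext, recordId) {
  const dataKey = crypto.randomBytes(32); // fresh AES-256 key per record
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(recordId));   // ties the ciphertext to its row
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    recordId, iv, ciphertext,
    tag: cipher.getAuthTag(),
    // Data key wrapped with the public key: the app server cannot unwrap it.
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    // Keyed hash for equality checks without decrypting.
    lookup: crypto.createHmac('sha256', lookupKey).update(plaintext, 'utf8').digest('hex'),
  };
}

// Queue worker: unwrap the data key with the private key, then decrypt.
// Throws if the ciphertext, tag or recordId was modified in the database.
function openOnWorker(row) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, row.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, row.iv);
  decipher.setAAD(Buffer.from(row.recordId));
  decipher.setAuthTag(row.tag);
  return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString('utf8');
}

// True when the row decrypts and authenticates, false when it was tampered with.
function verifies(row) {
  try { openOnWorker(row); return true; } catch { return false; }
}
```

The HMAC key sits on the application server, so it protects the comparison value against a database-only leak such as SQL injection, not against a compromise of that server.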




