Title says it all - is there any support for data encryption at rest in Clickhouse? I'm not interested in encrypted communication/replication, what I care about is data encryption at rest.
Kind regards
Tomasz
Not yet. It's in the roadmap. And under development https://github.com/ClickHouse/ClickHouse/pull/11844
Related
Hello to all
I did a lot of research on encrypting important data such as credit card numbers in Spring Boot, and three ways to securely encrypt data caught my attention:
Protect secrets with Hashicorp Vault
Column-level encryption
Data Encryption with Java Cryptographic Extensions
All three methods have their advantages and disadvantages. The initial setup of the vault requires a lot of configuration, and I could not find a complete and integrated source for learning it. Column-level data encryption imposes a large processing load on the server, and requires the management of cryptographic keys. The third case requires the creation, management and maintenance of encryption keys for each client request. Is there a better choice for managing sensitive customer data such as email addresses or credit card numbers? Or is it recommended to use Vault to manage the secrets of website users?
Can I encourage you to take a look at our product. I don't want this to be a shameless plug but as a developer who has felt your pain, I think you would want to take a look at what we have. We have designed it to address some of your concerns. ubiqsecurity.com.
To address your specific considerations.
MUCH easier than setting up Hashicorp Vault. We have demos of creating an account and sharing encrypted data in two different languages within 5 minutes. The demos should help you get started if necessary but I wouldn't expect you to need them. Our client libraries also have fully functional examples to help you get started.
This seems to be the reason DBAs are hesitant to turn on encryption within the DB layer. We are leaving the encryption at the application layer. If your encrypted DB is up and running and someone is on the DB server with harvested credentials is your DB really secure?
We manage encryption keys for you. Client uses an API key (similar to other SaaS). Data is encrypted on the client.
Please feel free to reach out to us if you have any questions. Again, not trying to be a shameless plug, but we know the problems developers face when working with encryption and feel our solution addresses a number of the issues you are facing as well as others you haven't even mentioned.
For security reasons we are planning to disable all write access to classes. Client applications (android and IOS sdks) will only have read-only access to the Parse data(classes)
Data stored in parse servers will be only modified by cloud functions. The cloud functions will call
Parse.Cloud.useMasterKey();
We have come up with this solution because it is nearly impossible to hide parse application ids and parse client key from attackers/hackers.
So is this a good solution? Are there any drawbacks? Does "Parse.Cloud.useMasterKey()" method have performance implications?
Thank you...
This is pretty standard practice, you implement your own security in your Cloud Functions and use the master key.
In theory it might be more efficient using the master key as the Parse servers don't have to process the Roles/Users/ACLs at all when the master key is used. Of course you need to balance that with any extra check your security logic does.
Is there any way to integrate C-language specific plugin of ESAPI with Oracle HTTP or IBM HTTP server. I mean can we integrate C-Lang specific code with Oracle HTTP server to achieve security. It can be Java specific plug in. Expectation is to achieve Sanitize what are the steps do I need to follow?
Thanks in Advance,
Bhanu.
I agree, it's not very clear what you are really trying to do here. If you are just trying to access some of the simple ESAPI validators or encoders, most of that has been implemented in the ESAPI for C project. I'd hate to recommend it because it pretty much is no longer maintained, and some of it is badly broken (e.g., the cryptography component), but if you're really desperate, it might be worth a look.
-kevin
I have developed a Lightswitch application and now after some discussions with my Boss, he would like a couple of the Database Fields encrypted. Now I haven't done any work with encrypting a Database Field but was wondering if Light switch natively supports encrypted fields?
Nope, LightSwitch does not support that at all and that sort of encryption/decryption needs to be transparent to LightSwitch. You would have to use native database encryption which I believe might be supported by SQL Server.
Is it possible to run the LDAP protocol over HTTP or HTTPS?
If so, does anybody know of a Ruby LDAP server which can be made to run on Heroku.com?
No, it is not possible to run LDAP over HTTP(S). LDAP is a binary protocol in its own right, described in ASN.1 and transmitted in BER. However, DSML provides some functionality that may interest you. DSML represents directory services information using XML.
Yes, certainly it is possible, I have one where LDAP entities are sent as JSON objects. Let me know if you are interested in taking a look at it. But this is in Java not Ruby but might throw some light..