[interesting] Database Encryption
Robert Brenstein
rjb at rz.uni-potsdam.de
Wed Jan 22 14:00:54 CST 2003
>on 1/23/03 7:58 AM, Peter McConachie at pmccon at bigpond.net.au wrote:
>
>>
>>>> I can see that the simplest scheme is to encrypt only current tables and
>>>> fields - totally ignoring the rest.
>>>
>>> Explain this point please.
>>
>> What I was trying to say was that I imagine "that you currently encrypt only
>> current tables and fields - totally ignoring the rest". This is obviously
>> what you do.
>
>Which rest ???
>
>Which you have deleted ???
>
>I see what you mean.
>
>Yes I do not encrypt all space of database.
>Only DATA.
>
But from your earlier posts I gather that DATA above means data in
the current records/fields only. If I understood that correctly, then
records that are deleted still contain data that may be private but
becomes exposed now since they are not encrypted anymore.
You mentioned the option to zero (I presume you mean to nullify)
deleted records in version 2. Shouldn't that be done automatically
for encrypted tables and fields? Optional for other cases is fine. Or
you should continue to encrypt the deleted records/fields.
Further, I am not sure whether you want to wait until version 2 to
resolve this. You would not want to get into a scandal like Microsoft
exposing inappropriate content within Word files. Theoretically, we
should explicitely nullify all records/fields that we delete in such
a database, but in practice we may rely on automatic deletion or
simply forget to do it.
While you may not be legally liable for damages, reputation of
Valentina could be impacted. Wouldn't you agree, Lynn?
Robert
More information about the Valentina
mailing list