...
To ensure data privacy and minimize data vulnerability, OpenSpecimen provides an option to encrypt the MySQL database both "at rest" and "in transit".
At Rest: Ensures the database files are stored in an encrypted format on the disk.
In Transit: Ensures the data passing through the network to the application is encrypted.
With either technique, a malicious user won't be able to decrypt the data.
Data
...
At Rest
In the database, all the patient data is stored in data files. There is a chance that an attacker can retrieve sensitive data if they get direct access to such files. To avoid this, one can encrypt the data files using the keyring plugin provided by MySQL.
...
i) To encrypt a database table, run: ALTER TABLE <TABLE_NAME> ENCRYPTION="Y";
ii) Similarly, every table in the database needs to be encrypted. For this, generate a master SQL file containing the query to alter all the existing DB tables.
iii) Follow the below procedure to create a master-query.
TEE: This command reads the standard input and writes it to the file as well as standard output.
iv) Remove the table structure and the select query captured in the 'encrypt_tables.sql' file using the below command.
v) Log in to the MySQL database again and run 'source processed_encryption_table.sql'.
vi) Check whether all tables are encrypted by looking for the ENCRYPTION="Y" flag under the CREATE_OPTIONS column.
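One way to carry out steps iii) and iv), as an added example that is not OpenSpecimen's own procedure: it turns a tee capture into 'processed_encryption_table.sql' and rejects the result if the number of ALTER statements differs from the row count MySQL reported. The SELECT in the comments, the function names, the sample capture and the <DB_NAME> placeholder are assumptions.

```shell
# Added example. Assumed capture, typed in the mysql client (<DB_NAME> is a placeholder):
#   tee encrypt_tables.sql
#   SELECT CONCAT('ALTER TABLE `', table_name, '` ENCRYPTION="Y";') AS stmt
#     FROM information_schema.tables
#    WHERE table_schema = '<DB_NAME>' AND table_type = 'BASE TABLE';
#   notee

# Keep only result rows that are exactly one ALTER ... ENCRYPTION="Y"; statement.
# The echoed SELECT, the +---+ borders, the header and the row count are dropped.
extract_alter_statements() {
    sed -n 's/^| *\(ALTER TABLE `[^`]*` ENCRYPTION="Y";\) *|$/\1/p' "$1"
}

# Row count the mysql client reported for the query ("N rows in set").
reported_rows() {
    sed -n 's/^\([0-9][0-9]*\) rows\{0,1\} in set.*/\1/p' "$1" | head -n 1
}

# Write the cleaned script; fail if its statement count differs from the
# reported row count, so no table is silently left unencrypted.
build_encryption_script() {
    extract_alter_statements "$1" > "$2"
    kept=$(wc -l < "$2" | tr -d ' ')
    expected=$(reported_rows "$1")
    [ -n "$expected" ] && [ "$kept" -eq "$expected" ]
}

# Constructed sample of a tee capture (table and schema names are made up).
write_sample_capture() {
    cat > "$1" <<'EOF'
mysql> SELECT CONCAT('ALTER TABLE `', table_name, '` ENCRYPTION="Y";') AS stmt FROM information_schema.tables WHERE table_schema = 'example_db';
+----------------------------------------+
| stmt                                   |
+----------------------------------------+
| ALTER TABLE `table_a` ENCRYPTION="Y";  |
| ALTER TABLE `table_b` ENCRYPTION="Y";  |
+----------------------------------------+
2 rows in set (0.00 sec)

mysql> notee
EOF
}

workdir=$(mktemp -d)
write_sample_capture "$workdir/encrypt_tables.sql"
build_encryption_script "$workdir/encrypt_tables.sql" "$workdir/processed_encryption_table.sql" \
    && cat "$workdir/processed_encryption_table.sql"
```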
Data
...
In Transit
...