...
In both techniques, the malicious user won't be able to decrypt data.
Encrypting Data At Rest
In the database, all the patient data is stored in data files. There is a chance that an attacker can retrieve sensitive data if they get direct access to such files. To avoid this, one can encrypt the data files using the keyring plugin provided by MySQL.
The keyring file is the main file that stores the key with which the tablespace (where all table data files are stored) is encrypted. The keyring plugin is used for this purpose.
...
i) To encrypt a database table, we run ALTER TABLE <TABLE_NAME> ENCRYPTION="Y"
ii) Similarly, we'll need to encrypt every table in the database. For this, we can generate a master SQL file, which will have the query to alter all the existing DB tables.
iii) Follow the below procedure to create a master query.
TEE: This command reads the standard input and writes it to the file as well as standard output.
iv) Remove the table structure and the select query captured in the 'encrypt_tables.sql' file using the below command.
v) Log in to the MySQL database again and run 'source processed_encryption_table.sql'.
vi) Check whether all tables are encrypted or not by noting the ENCRYPTION="Y" flag under the CREATE_OPTIONS column.
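One way to carry out steps iv and vi is sketched below as an added example; it is not the page's own command. It assumes the mysql client's usual tabular output in the tee capture, and the schema and table names are hypothetical. Filtering on the exact statement shape means nothing else from the capture ends up in the file that is later run with `source`.

```python
import re

# Constructed capture of what tee wrote to 'encrypt_tables.sql' (step iii):
# the SELECT itself, the ASCII table borders, a header cell and a row count.
# Schema and table names are hypothetical.
SAMPLE_TEE = """\
mysql> SELECT CONCAT('ALTER TABLE `', table_name, '` ENCRYPTION="Y";') AS stmt FROM information_schema.tables WHERE table_schema = 'patients_db';
+-------------------------------------------+
| stmt                                      |
+-------------------------------------------+
| ALTER TABLE `patient` ENCRYPTION="Y";     |
| ALTER TABLE `visit_notes` ENCRYPTION="Y"; |
+-------------------------------------------+
2 rows in set (0.00 sec)
"""

# Constructed (table_name, CREATE_OPTIONS) rows for the step vi check.
SAMPLE_ROWS = [("patient", 'ENCRYPTION="Y"'),
               ("visit_notes", 'row_format=DYNAMIC ENCRYPTION="Y"'),
               ("audit_log", "")]

# Only this exact statement shape is allowed into the file that gets source'd.
ALTER_RE = re.compile(r"""^ALTER TABLE `(?:[^`]|``)+` ENCRYPTION=["']Y["'];$""")
ENC_RE = re.compile(r"""ENCRYPTION=["']Y["']""", re.IGNORECASE)

def extract_alter_statements(tee_text):
    """Step iv: keep only the ALTER TABLE rows from the tee capture."""
    statements = []
    for line in tee_text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # prompt/SELECT line, +---+ borders, "N rows in set"
        cell = line[1:-1].strip()
        if ALTER_RE.match(cell):  # the "stmt" header cell fails and is dropped
            statements.append(cell)
    return statements

def unencrypted_tables(rows):
    """Step vi: names of tables whose CREATE_OPTIONS lack ENCRYPTION="Y"."""
    return [name for name, opts in rows if not ENC_RE.search(opts or "")]

if __name__ == "__main__":
    print("\n".join(extract_alter_statements(SAMPLE_TEE)))
    print("still unencrypted:", unencrypted_tables(SAMPLE_ROWS))
```
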
Encrypting Data In Transit
In this step, we create self-signed SSL certificates for the MySQL server to communicate using SSL. The certificate file is shared with the application so that it can store the certificates in its TrustStore file and trust the MySQL server.
...