Security Corner:
Application-level Data Security
By Eric Mann
Developers often conflate two different modes of data encryption when protecting the systems on which their applications run. One is encryption at rest—actually encrypting the files the database engine uses to persist state to the hard drive. The other is application-level encryption—where the application itself knows the encryption key and protects data directly. These approaches are similar, but they are not the same. It behooves the savvy developer to understand the difference between them and how to leverage both to secure application data fully.
This article was originally published in the February 2018 issue of php[architect] magazine. To read the complete article please subscribe or purchase the complete issue.
Leave a comment
Use the form below to leave a comment: