I have some sensitive data i am storing such as credit card numbers. What is the standard method of encrypting the data when it is stored in my postgresql database?

Jasypt provides an integration package (org.jasypt.hibernate.type) which provides several Hibernate UserType implementations to allow one or several of the properties in a mapped Hibernate entity to be declared as being of an encrypted type


Site:- http://www.jasypt.org/hibernate3.html

ok..

rate me if possible........

I don't know if there is a real standard way of doing this since some DBAs want there data encrypted directly in the database with a stored key in the database. (*rant* By the way not secure, the key should never be stored with the data.) I am making an assumption on your question that you would like the data stored encrypted and then decrypted once the data is queried so that your application is able to process payments as such. If this is the case I am guessing the Jasypt would probably help, but I can't speak to much to it since I've never used it. Another way of implementing your own encrypt/decrypt methods would be to implement the Hibernate Interceptor interface to read/modify the bean's encrypted field before insert/update and after select before the data is returned. If this is what you are looking for let me know and I might have a little time to work up a simple example.

OK, but what safer place, apart from a tape, is there than a reliable database engine to store data (yes, that means MySQL gets out of the picture here)? Of course, it also means that access to the database server is strictly controlled. It should be, anyway.

What's more, for any operations that require a filter on the column, if you don't allow the data to be decrypted on the database side, it is up to your application to do the filtering. Not a good choice.

I differ strongly on the above opinion. If you store the data and key in the database anyone that is able to get access to a backup or the server has the data. Why encrypt data that can be easily accessed by anyone that is able to access the box? The consumer of the data should be able to decrypt it separately so that the data is truly secure.

Obviously someone has to hold the key.