D
David Smith
I have writen a class that uses certificates to encrypt
data on my web servers prior to storing it in a database
and would like to know if there are any flaws associated
with this design. I chose this because there are no keys
to manage in configuration files and certificates are
already in use for web service security using WSE 2.0. It
takes a string and encrypts it and passes back the
ecrypted string for storage in the database. Web servers
have the public key for encryption while the backend
servers (not public facing) have the public and private
keys which can be used for encrypting and decrypting the
data for various processes.
data on my web servers prior to storing it in a database
and would like to know if there are any flaws associated
with this design. I chose this because there are no keys
to manage in configuration files and certificates are
already in use for web service security using WSE 2.0. It
takes a string and encrypts it and passes back the
ecrypted string for storage in the database. Web servers
have the public key for encryption while the backend
servers (not public facing) have the public and private
keys which can be used for encrypting and decrypting the
data for various processes.