0

Comparing ways of distributing and securely storing and querying structured and schemaless data.

Currently I am using MongoDB, but am looking into (Postgres|MySQL)&CryptDB, Cassandra and others.

What do I need to keep in mind, for securely storing and expressively querying [potentially] massive data?

A T
  • It depends what you mean by secure. Who is the adversary? – mikeazo May 11 '14 at 21:34
  • External hackers, data-centre owners (worst case scenario: [ensuring privacy and integrity in the untrusted cloud](http://www.cis.upenn.edu/~arielfel/pub/ajf-dissertation.pdf)) and authorised non-administrative users. – A T May 12 '14 at 06:17

1 Answer

0

Sticking with MongoDB, and will set up:

  • 256-bit encryption of database filesystem (GridFS)
  • TLS between database servers and application servers
  • TLS between application servers and consumers
  • User authentication on the application servers (scrypt for password, expiring tokens for login, x509 certs required for generating+using client_id, client_secret)
  • User authentication on the database servers
  • Internal message-passing queue
    • Two-time use username+password should be generated and stored in encrypted database.
    • Password used to encrypt message payload, username added into header.
    • Popping message hits database for password, which is then used to decrypt payload.

Frontends consuming my RESTful API can add another level of security: encrypting data before it hits my application and database servers. HIPAA and other compliance will also be checked before opening for beta testing.

A T
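The application-server items in the answer above (scrypt for passwords, expiring tokens for login), sketched with Python's standard library as an added example that is not the poster's code. The scrypt cost parameters, the 15-minute lifetime and the HMAC-signed token format are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumed scrypt cost parameters (not from the post); tune to your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
TOKEN_KEY = secrets.token_bytes(32)  # server-side signing key, kept out of the database
TOKEN_TTL = 900                      # assumed token lifetime in seconds


def hash_password(password):
    """Return the record to store: a per-user random salt plus the scrypt hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "hash": digest}


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(digest, record["hash"])


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def sign(body):
    return b64(hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(user, now=None):
    """Bind the user name to an expiry time and sign both with HMAC-SHA256."""
    now = time.time() if now is None else now
    body = b64(json.dumps({"sub": user, "exp": int(now) + TOKEN_TTL}).encode())
    return f"{body}.{sign(body)}"


def check_token(token, now=None):
    """Return the user name for a valid, unexpired token, otherwise None."""
    now = time.time() if now is None else now
    body, sep, tag = token.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), sign(body).encode()):
        return None  # malformed or tampered: reject before parsing the body
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if now < claims["exp"] else None
```

The signature is verified before the body is decoded, so an altered expiry or user name is rejected without being parsed.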