2

One of the clients I'm working with is requesting that I encrypt my database. The problem is, none of my other clients need or care about this.

I am wondering two things:

  1. How costly (performance) is it to encrypt my entire database? I.e. how much slower will my read / writes be?

  2. Is there anyway I can provision a small separate DB, or segment my current DB on Heroku and host that one specific client's data (wherein their data is fully encrypted).

Thanks! Ringo

Improve this question
2
  • 1
    Encryption isn't magic secret security sauce. Where will the keys be kept? Will they be stored encrypted and require an off-site passphrase to be manually entered when the app starts? etc. If you just encrypt the data then store the key in the DB, that's a total waste of time. The client should focus on their actual threat model - what are they trying to protect against? Commented Jun 26, 2014 at 2:09
  • 1
    See also: See: stackoverflow.com/q/12329652/398670, stackoverflow.com/a/8305335/398670, stackoverflow.com/a/12615409/398670 Commented Jun 26, 2014 at 2:16
Related questions
14
How to secure user data in the database with Rails?
13
Rails: storing encrypted data in database
9
Heroku - How to encrypt the database
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.