Unrelational Database Project
Posted by david on 21 May 2014 at 6:10 pm
I haven't named the project yet, but I am working on a new way to encode data in relational databases. The premise is there is only a certain amount of data that can feasibly be encypted/decrypted and processes. That means if someone gains access to a database they will inevitably be able to see how relational data across tables is related and therefore exploit that data. A solution I am working on to solve this problem is to have a PHP class that encodes/decodes item ids, thereby making data appear to not be related or random. The class would generate a new encoded id for a particular decoded id and use it for an instance of related data, never referencing the legitimate item id in the database. Why? Because even large corporations (Ebay, Target, etc) have a hard time protecting data. You can't only depend on connection security to protect it. Direct encryption can only be used to the extent that it can be processed, you cant encrypt everything. It was announced today that Ebay was hacked and someone potentially has user data for 150 million Ebay users: their names, birthdays, user names, email, addresses, passwords, etc. Someone has the data (potentially) and could easily build a script to navigate that data. If item ids were different in every table, it would be likely impossible to ever discern how all of that data is related. This new project isnt intended to encode every id, that would likely become tedious for even the server to discern. The idea is to apply it to sensitive information, but it could be used on a broader scale to an extent. I'll keep you posted on the progress.
Log in to comment