Have you ever worked anywhere that actually encrypted sensitive information at a column/field/table level? Or did your credit card/loan/insurance/etc. processing service tick the “encryption at rest” checkbox and move on?

#data

@bflipp I don’t think SQL Server supported it natively when I was a DBA, so it required the app devs to do it.

And the solution I helped admin was terrible about security; it was the last thing that was on their mind.

The only thing that was encrypted was user access passwords, and they used a DLL that only supported symmetric encryption.

I hacked it in a matter of minutes so I could write my own modules that used the system’s security for a seamless user experience.

@bflipp The answer to PCI compliance? No credit card info was retained (even though the app supported it) and we had a nightly job check to make sure those fields remained null. #bodge