"Cryptography in the Database", Kevin Kenan, 2006, 0-321-32073-5,
%A Kevin Kenan www.KevinKenan.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$44.99/C$62.99 416-447-5101 800-822-6339 bkexpress@...
%O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 277 p.
%T "Cryptography in the Database: the Last Line of Defense"
The preface states that the intended reader is the technical lead for
the protection of information in a database. This person should be
well familiar with databases, and have a passing knowledge of
Part one deals with database security. Chapter one states that
databases are important, and we should protect them. A brief review
of database concepts (limited to relational databases) and a rather
longer, and quite complete, overview of cryptography, is in chapter
Part two outlines a cryptographic infrastructure. Chapter three
examines keys and key management. Algorithms, and symmetric block
algorithm modes, are covered in chapter four. More of key management
is addressed in chapter five. Chapter six looks at the logical
(rather than programming) interfaces between encryption, decryption,
and the application.
Part three reviews the overall cryptographic project. Chapter seven
discusses project management. Ways of specifying security aspects of
the system are suggested in chapter eight, while nine examines design.
Some general principles for secure implementation are listed in
chapter ten. Various types of testing are reviewed in chapter eleven.
Chapter twelve looks at the deployment, monitoring, and removal of an
Part four contains sample Java code. There is an explanation of the
code, and then a key vault, manifest, manager, engine, cryptographic
service provider, client, exception handling code, and a run of the
system in operation.
Rather than an actual text on the special needs of databases for
cryptography, this is more like a general review of cryptographic
concepts with some attention paid to examples that would deal with
certain database issues. The material is sound enough, as far as it
goes. But those who maintain large databases and wish to see
practical solutions for the problems they face may be disappointed.
copyright Robert M. Slade, 2005 BKCRPDBS.RVW 20051111
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
My son, beware ... of the making of books there is no end,
and much study is a weariness of the flesh. - Ecclesiastes 12:12