A question about the scope of data encryption...
If an encryption key is configured but I am NOT storing any credit data, is there any other data that is encrypted? If not, then I assume it is fine not to set an encryption key and this should not impact PCI compliance (other requirements aside).
Thanks
Scope of encryption
Re: Scope of encryption
A couple other questions
1. If an encryption key is set, can the DB ever be reset to no longer use an encryption key? The use case would be if cc numbers are initially stored but business requirements change later and the encryption is no longer required.
2. The encryption key instructions are a little unclear to me for the section on backup key restoration. It says
1. If an encryption key is set, can the DB ever be reset to no longer use an encryption key? The use case would be if cc numbers are initially stored but business requirements change later and the encryption is no longer required.
2. The encryption key instructions are a little unclear to me for the section on backup key restoration. It says
If I understand this correctly, this section (Restore Encryption Key) is actually for when you want to restore a db that has been encrypted. Is the intent of the above explanation meant to indicate for example, if you move the db to a new AC instance, no encryption key would be set, so you would need to restore the data by loading the backup keys? Is this the right way of interpreting this? So while I may technically restoring the key, what I really would be intending to do is restore my access to the data.The key currently being used will be replaced with the backup
- Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: Scope of encryption
There are some other areas where the encryption key is used. An example I can think of off hand is in the CAPTCHA images. If you don't set an encryption key, the answer to the captcha appears in clear text in the image link.
It's not a well documented but in the field where you type random text to change your key, you can type DECRYPT and it will undo the encryption.
It's not a well documented but in the field where you type random text to change your key, you can type DECRYPT and it will undo the encryption.
Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.