Geek Answers Handbook

Application Database Anonymization

I would like to store real names, emails and any other personally identifiable information from my main application database and into another database / encrypted file. And I'm curious if there is a solution for this practice or if I am completely redefining something.

Some thoughts I had were as follows:

  • The user logs in with a username and password, which are also hashed in the primary database.
  • Then this server makes some kind of secure call in the member database with user id
  • And as a result, the participants database returns a name, email address, address, etc.

I am wondering if this is the right approach, and if so, where the keys are stored and authenticated, etc.

+5
source share
1 answer

This is an interesting question, I think, but he needs some more context. That is, you need to clearly understand who you want to anonymize. That is, who is the threat here? Do you want information to be hidden from the public? Clearly this is trivial, just don't show it (don't tie it). Do you want information to be hidden from someone who is accessing your database? How hidden? How will they access your db? Can they, if they gain access to anonymous, gain access to another? OpenID may also be of interest to you (external authentication, you just perform role management).

.

( db, ..), , , .

, 1 - - . (.. ).

+2

More articles:


All Articles