Session Bean Data Encryption Design?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Anthony_Law
Posted On:   Tuesday, June 3, 2003 11:08 AM

Hi all, What is the general practice for encrypting sensitive info (eg VISA/MC) in EJBs before persisting to a datasource? My plan is to provide encrypt/decrypt methods in my Session Beans to hide/unhide data. I already wrote a thread-safe AES util class (using BouncyCastle) that would take in a secretKey & do the grunt work. Please tell me: 1) Whether I'm on the right track, and what is the most efficient way to make this util class available to my EJBs. 2) If there is a way to access my Keystore entries within my EJBs (deployed in JBoss), so I can grab a private or secret key. 3) Whether there is any need to create a pool of my Crypto util    More>>

Hi all,


What is the general practice for encrypting sensitive info (eg VISA/MC) in EJBs before persisting to a datasource?



My plan is to provide encrypt/decrypt methods in my Session Beans to hide/unhide data. I already wrote a thread-safe AES util class (using BouncyCastle) that would take in a secretKey & do the grunt work. Please tell me:



1) Whether I'm on the right track, and what is the most efficient way to make this util class available to my EJBs.




2) If there is a way to access my Keystore entries within my EJBs (deployed in JBoss), so I can grab a private or secret key.


3) Whether there is any need to create a pool of my Crypto util class, if deployed in a single CPU env.


Thanks,


Anthony.    <<Less
About | Sitemap | Contact