In the first chapter you learned about the underlying concepts of password security and the industry practices and standards currently employed. Let’s start putting some of that into practice as we explore the practical application of password encryption and security. To start this implementer’s approach, let’s first look at the ways that data can be transmitted and stored.
As we start to explore the concepts of data security, there are two important concepts that we should address: data in motion versus data at rest.
When we talk about data at rest, we mean the inactive (or resting) digital data that is being stored on your servers, such as the databases that you are using to store passwords, profile information, or any other details needed within your application.
When we discuss the concept of data in motion, we’re talking about any data that is in transit: data being sent back and forth between an application and a database, or communication between websites and APIs or external data sources.
If you’re talking about credit card environments, where you’ve got a requirement to encrypt the credit card information at rest, I think the most common method people use there is enabling encryption within the database. That’s typically about as good as it gets in terms of host-based encryption.1
Chris Gatford, Hacklabs
Web and application developers ...