Document Management SystemProject Type: software

Document Management System

Uploaded image for project: 'Document Management System'
  1. Document Management System
  2. DMS-2349

Column Level Encryption - MySQL

    Details

    • Type: Epic
    • Status: To Do
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Company:
      All Clients/Multiple Clients
    • Epic Name:
      Application level security

      Description

      Application level security
      Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
      DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
      If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.

        Attachments

          Issue Links

          relates to

          Research - Research DMS-2350 MYSQL Table level encryption R&D

          • Medium - Has the potential to affect progress.
          • Done

            Activity

            Ascending order - Click to sort in descending order
            samir Samir created issue -
            samir Samir made changes -
            Field Original Value New Value
            Sprint Dec 2020 Release - Sprint 1 [ 232 ]
            samir Samir made changes -
            Link This issue relates to DMS-2350 [ DMS-2350 ]
            samir Samir made changes -
            Description Application level security
            Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
            DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
            If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.             		Application level security
            Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
            DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
            If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.


            Below are the efforts for column level encryption. As of now we can estimate it as 2 Sprint effort with 2 team members
             
            https://jira.workterra.net/browse/DMS-2349
             
            Sr. No
            Tasks
             
             
            1
            Scope Identify: List of DMS Table with their Attributes
            2
            Modify Data Type
             
             
             
            Key Management:
             
            Master key management(Storing and passing down in queries)
            3
            Create new Table for storing Keys by Client
            4
            UDF 1: Client ID Return Key
            5
            UDF 2: Encrypt (Column Name will Encrypt) --- AES_ENCRYPT
            6
            UDF 3: Decrypt (Column Name will Encrypt) --- AES_DECRYPT
             
             
            7
            Identify Insert queries (Columns)
            8
            Modify for Encryption (Columns)
            9
            Identify Select queries (Columns)
            10
            Modify for Decryption (Columns)
            11
            Identify Update queries (Columns)
            12
            Modify for Encryption (Columns)
             
             
            13
            Migration of Existing Data
            14
            Performance test
            15
            Integration Testing & Regression of Existing API
            samir Samir made changes -
            Description Application level security
            Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
            DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
            If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.


            Below are the efforts for column level encryption. As of now we can estimate it as 2 Sprint effort with 2 team members
             
            https://jira.workterra.net/browse/DMS-2349
             
            Sr. No
            Tasks
             
             
            1
            Scope Identify: List of DMS Table with their Attributes
            2
            Modify Data Type
             
             
             
            Key Management:
             
            Master key management(Storing and passing down in queries)
            3
            Create new Table for storing Keys by Client
            4
            UDF 1: Client ID Return Key
            5
            UDF 2: Encrypt (Column Name will Encrypt) --- AES_ENCRYPT
            6
            UDF 3: Decrypt (Column Name will Encrypt) --- AES_DECRYPT
             
             
            7
            Identify Insert queries (Columns)
            8
            Modify for Encryption (Columns)
            9
            Identify Select queries (Columns)
            10
            Modify for Decryption (Columns)
            11
            Identify Update queries (Columns)
            12
            Modify for Encryption (Columns)
             
             
            13
            Migration of Existing Data
            14
            Performance test
            15
            Integration Testing & Regression of Existing API
            		Application level security
            Columns containing PII data in database are saved as plain text. Looking at options to encrypt this data and will share more details next week
            DMS document template has permission settings to restrict view of sensitive data (SSN, DOB etc.). At the moment this has to be configured by the customer or CB implementation team. We can put in checks for some of the known attributes to prevent recruiters/admins from being able to see the data entered by candidates.
            If the customer does capture any other PII data that we cannot be aware about, they need to take care of setting appropriate permissions. From DMS side, we can only encrypt the data.


             
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1 [ 232 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2 [ 232, 233 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2 [ 232, 233 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1 [ 232, 233, 258 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1 [ 232, 233, 258 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2 [ 232, 233, 258, 259 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2365 [ 123296 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2366 [ 123297 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2367 [ 123298 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2368 [ 123302 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2369 [ 123303 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2370 [ 123304 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2371 [ 123306 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2372 [ 123307 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2373 [ 123308 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2374 [ 123309 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2375 [ 123310 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2 [ 232, 233, 258, 259 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262, 263, 264 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2429 [ 127556 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2435 [ 127651 ]
            harshveer.singh Harshveer Singh (Inactive) made changes -
            Epic Child DMS-2434 [ 127650 ]
            narendra.kumar Narendra Kumar made changes -
            Sprint Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1 [ 232, 233, 258, 259, 260, 261, 262, 263, 264 ] Dec 2020 Release - Sprint 1, Dec 2020 Release - Sprint 2, Jan 2021 Release - Sprint 1, Jan 2021 Release - Sprint 2, Feb 2021 Release - Sprint 1, Feb 2021 Release - Sprint 2, March 2021 Release - Sprint 1, March 2021 Release - Sprint 2, April 2021 Release - Sprint 1, April 2021 Release - Sprint 2 [ 232, 233, 258, 259, 260, 261, 262, 263, 264, 265 ]

              People

              Assignee:
              samir Samir
              Reporter:
              samir Samir
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: