Idea - Entity Attribute Encryption Setting

I posted the following idea.  Just wanted it to be seen by more people and hopefully get some votes so I'm posting here as well.

I have a requirement to encrypt selected entity attributes within an entity (Social Security, Credit Card, etc). In the help someplace I was able to find, if I read it correctly, where it says that password fields are encrypted in the database. If this is true, it would seem to be easy to add a setting that invokes this function on any field.

It looks like ardoCrypto in the Forge could be used for this but with all the issues in the news about securing data this seems like a very necessary feature that should be built into the platform.

Link - http://www.outsystems.com/ideas/1531/entity-attribute-encryption-setting/

But password fields have a unidirectional encryption, other fields would need a reversible encryption.

That property could be there, but with some personalization so that we don't all end up with the exact same decrypt function. That isn't very secure. At least no more than the db itself.
Having said that, why don't you implement your own, following your company security specification and regulations?

Thanks for the info.  Forgot about the typical 'one-way' encryption used for passwords.  The requirement is just to have it encrypted but I will ask to see if I can get them to be more specific and implement that.

I'm sure they could have a list of common algorithms... I'm curious where you intend to store the secret in a way that keeps it out of an attacker's hands. I've never trusted 2 way encryption for this reason...

J.Ja
Obviously I'm not the first person to have this requirement.  Let's take Social Security number for example.  As people in the US know, identity theft has become a big issue with knowledge of someone's SSN a major concern.  This is why the requirement for encryption within the database exists.  I also have the requirement that I can look up records in the 'back office' portion of the application using SSN to assist users.  This is why I believe I need a two way encryption.  But if it's encrypted can I even do this look up?

Looking at the ardoCrypto extension in Forge it is obvious I need a password to pass as a parameter.  I would anticipate creating a separate secured eSpace as a jacket function around this with just a few people (maybe 3) having access to this.

Obviously I'm no security expert but I'm not the first person trying to solve this.  Someone somewhere has the answer.  I'll just have to figure out what will satisfy these requirements. 

Thanks again for your help.

Maybe something like this?

http://technet.microsoft.com/en-us/library/bb510663.aspx

Check out the Transparent Data Encryption section.

Excellent reference!  I'll have to do some experimentation with all this.  Again, thanks for the quick response.

Any luck on implementing this within the OutSystems platform?

Unfortunately I haven't spent any time on this due to other commitments.  Hopefully I can get back to it soon.
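
The lookup question raised earlier in the thread (reversible encryption of an SSN that back-office staff can still search by), shown as an added example that is not part of any post here and is not OutSystems or ardoCrypto code. It assumes Node.js with its built-in `crypto` module; the keys, function names, in-memory table and sample rows are all constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo keys. In practice both live in a key store outside the database.
const ENC_KEY = nodeCrypto.randomBytes(32);   // AES-256-GCM key for the stored value
const INDEX_KEY = nodeCrypto.randomBytes(32); // separate HMAC key for the lookup column

// Strip formatting so "000-12-3456" and "000123456" index identically.
function normalizeSsn(ssn) {
  const digits = String(ssn).replace(/\D/g, '');
  if (digits.length !== 9) throw new Error('SSN must have 9 digits');
  return digits;
}

// Deterministic keyed hash: equal SSNs give equal values, so equality lookup works.
function blindIndex(ssn) {
  return nodeCrypto.createHmac('sha256', INDEX_KEY).update(normalizeSsn(ssn)).digest('hex');
}

// Randomized, authenticated encryption: the same SSN encrypts differently each time.
function encryptSsn(ssn) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(normalizeSsn(ssn), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Layout of the stored blob: 12-byte IV, 16-byte auth tag, then ciphertext.
function decryptSsn(blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Stand-in for the entity table: only the ciphertext and the index are stored.
const table = [];
function insertPerson(name, ssn) {
  table.push({ name, ssnEnc: encryptSsn(ssn), ssnIdx: blindIndex(ssn) });
}

// Back-office lookup: hash the search term, match the index column, then decrypt.
function findBySsn(ssn) {
  const idx = blindIndex(ssn);
  return table.filter(r => r.ssnIdx === idx)
              .map(r => ({ name: r.name, ssn: decryptSsn(r.ssnEnc) }));
}

insertPerson('Alice Example', '000-12-3456'); // constructed sample rows
insertPerson('Bob Example', '000-98-7654');
```

The index column reveals which rows share an SSN, and because there are only 10^9 possible values, anyone holding `INDEX_KEY` can enumerate them, so that key needs the same protection as the encryption key.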