Encrypting the data adds another layer of security to an application supporting a finance-related business. If the data is stolen, contracts and assurances mean little. That being said, a legal contract has little meaning to unethical employees or hackers. Not sure if this is even possibe, or if Moodle can even work with an encrypted database, but that's why I'm asking the questions here.Īs for trusting the host provider, they are solid, reputable, and all the contractual agreements are in place (we already have a relationship with them for other hosting). Our Moodle database is on a different server than the application, and would use the same arrangement when migrated, so to my thinking, the encryption key would be on the application server, not the database server. That would definitely require some hacking in Moodle. Question coming up - can you encrypt the 'moodledata' directory? More data-at-rest. What are the training materials? If they are SCORM or somesuch then they're not in the database at all. Having skimmed that article I suppose I have to concede that it would be one more thing for a data "thief" to get by if some administrative error left the database open. Ultimately with sensitive data you have to trust *somebody*. I still think that if you don't trust your hosting company to look after your data you are going to have a difficult time. for the avoidance of doubt I just wanted to know why this was required because I've genuinely never seen it asked before. The thing I don't get - and I'm more than prepared to be educated - is that if you don't trust your hosting provider (which I think is what the OP is fundamentally saying) then who holds the decryption keys? I can't imagine a scenario where (given that Moodle is scripted not compiled, particularly) where someone with free access to the server could not access the decrypted information.īTW.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |