SlideShare una empresa de Scribd logo

Grails Jasypt Encryption Plugin

T
Ted Naleid

The Jasypt Encryption plugin for Grails allows field level encryption in your database. It's integrated into GORM/Hibernate for ease of use. It can also be extended to encrypt any type of information you store in your database.

Tecnología
1 de 39
Descargar para leer sin conexión
Grails Jasypt Encryption by Ted Naleid
Who am I?
Overview What is it? Why did we need it? Advantages Limitations How is it used?
What Is It?
grails plugin that integrates strong encryption into GORM
allows field-level encryption on any domain object or field type
import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
built on Jasypt Simplified Encryption framework
Jasypt leverages Java Cryptography Extensions (JCE)
Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
Why did we need it?
constant automated hacking attempts happen on every computer on the public internet
cloud computing potentially adds security weak points
if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
full disk encryption has many drawbacks and limitations
field level encryption lets you protect the sensitive things – everything else is at full speed
don’t need to outrun the bear
advantages
encrypt only what you need to
strongly protects info even if your database gets rooted or someone steals a database dump
painless integration into your domain
Limitations
encrypted fields take up extra space in database
import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
breaks using field in WHERE clause (so dynamic finders for this field don’t work)
How is it used?
how do I install it? grails install-plugin jasypt-encryption
how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
all encrypted values stored as strings in the database
java.lang.String supported out of the box
just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
Quick Demo
Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)
Questions?

Recomendados

E invoicing
E invoicing E invoicing
E invoicing Veronika Tondon
 
Lecture 11 misrepresentation - cases
Lecture 11 misrepresentation - casesLecture 11 misrepresentation - cases
Lecture 11 misrepresentation - casesRamona Vansluytman
 
Case laws in indian contract act 1872
Case laws in indian contract act 1872Case laws in indian contract act 1872
Case laws in indian contract act 1872manjit29
 
Value Realization with SAP Ariba Solutions Approach, Measurement, and Success
Value Realization with SAP Ariba Solutions Approach, Measurement, and SuccessValue Realization with SAP Ariba Solutions Approach, Measurement, and Success
Value Realization with SAP Ariba Solutions Approach, Measurement, and SuccessSAP Ariba
 
Delivery
Delivery Delivery
Delivery SHARMILASHARE
 
Leveraging Ariba Sourcing eAuction Functionality
Leveraging Ariba Sourcing eAuction FunctionalityLeveraging Ariba Sourcing eAuction Functionality
Leveraging Ariba Sourcing eAuction FunctionalitySAP Ariba
 
Legal incidents of Sale & agreement to sell
Legal incidents of Sale & agreement to sellLegal incidents of Sale & agreement to sell
Legal incidents of Sale & agreement to sellANUJ CHAUDHARY
 
Procure to pay ppt
Procure to pay pptProcure to pay ppt
Procure to pay ppttiffanymaetua
 

Recomendados

E invoicing
E invoicing E invoicing
E invoicing Veronika Tondon
 
Lecture 11 misrepresentation - cases
Lecture 11 misrepresentation - casesLecture 11 misrepresentation - cases
Lecture 11 misrepresentation - casesRamona Vansluytman
 
Case laws in indian contract act 1872
Case laws in indian contract act 1872Case laws in indian contract act 1872
Case laws in indian contract act 1872manjit29
 
Value Realization with SAP Ariba Solutions Approach, Measurement, and Success
Value Realization with SAP Ariba Solutions Approach, Measurement, and SuccessValue Realization with SAP Ariba Solutions Approach, Measurement, and Success
Value Realization with SAP Ariba Solutions Approach, Measurement, and SuccessSAP Ariba
 
Delivery
Delivery Delivery
Delivery SHARMILASHARE
 
Leveraging Ariba Sourcing eAuction Functionality
Leveraging Ariba Sourcing eAuction FunctionalityLeveraging Ariba Sourcing eAuction Functionality
Leveraging Ariba Sourcing eAuction FunctionalitySAP Ariba
 
Legal incidents of Sale & agreement to sell
Legal incidents of Sale & agreement to sellLegal incidents of Sale & agreement to sell
Legal incidents of Sale & agreement to sellANUJ CHAUDHARY
 
Procure to pay ppt
Procure to pay pptProcure to pay ppt
Procure to pay ppttiffanymaetua
 
Case study on Business Law
Case study on Business LawCase study on Business Law
Case study on Business LawShourav Mahmud
 
-revenue in as 9 methods ppt
-revenue in as 9 methods ppt-revenue in as 9 methods ppt
-revenue in as 9 methods ppthardeep singh
 
GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016Graciela Martinez
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...Alex Tan
 
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021Tracxn
 
WODs for Endurance
WODs for EnduranceWODs for Endurance
WODs for EnduranceWalter Forbes
 
Business Law Case Study
Business Law Case StudyBusiness Law Case Study
Business Law Case StudyAlley John
 
Business law contract act
Business law contract actBusiness law contract act
Business law contract actNitin Patil
 
Recruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa TakafulRecruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa Takafulrashdand
 
Pompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdfPompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdfMassimo Giaimo
 
Procure to pay process ppt
Procure to pay process pptProcure to pay process ppt
Procure to pay process pptShanthakumar Shanmugam
 
License permit raj
License permit raj License permit raj
License permit raj Unitedworld School Of Business
 
Sale of goods act
Sale of goods actSale of goods act
Sale of goods actJay Akhani
 
Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
 
Introduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh VaddeIntroduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh VaddeSuresh Vadde
 
Indian contract-act-1872
Indian contract-act-1872Indian contract-act-1872
Indian contract-act-1872Akash Sharma
 
contract cases of invitation to treat
contract cases of invitation to treatcontract cases of invitation to treat
contract cases of invitation to treatsuhail qurban
 
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...SAP Ariba
 
04 c onsideration new
04 c onsideration new04 c onsideration new
04 c onsideration newchelliah selvavishnu
 
Business Law (Case Study)
Business Law (Case Study)Business Law (Case Study)
Business Law (Case Study)Atiqur Rahman
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 

Más contenido relacionado

La actualidad más candente

Case study on Business Law
Case study on Business LawCase study on Business Law
Case study on Business LawShourav Mahmud
 
-revenue in as 9 methods ppt
-revenue in as 9 methods ppt-revenue in as 9 methods ppt
-revenue in as 9 methods ppthardeep singh
 
GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016Graciela Martinez
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...Alex Tan
 
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021Tracxn
 
Business Law Case Study
Business Law Case StudyBusiness Law Case Study
Business Law Case StudyAlley John
 
Business law contract act
Business law contract actBusiness law contract act
Business law contract actNitin Patil
 
Recruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa TakafulRecruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa Takafulrashdand
 
Pompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdfPompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdfMassimo Giaimo
 
Sale of goods act
Sale of goods actSale of goods act
Sale of goods actJay Akhani
 
Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
 
Introduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh VaddeIntroduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh VaddeSuresh Vadde
 
Indian contract-act-1872
Indian contract-act-1872Indian contract-act-1872
Indian contract-act-1872Akash Sharma
 
contract cases of invitation to treat
contract cases of invitation to treatcontract cases of invitation to treat
contract cases of invitation to treatsuhail qurban
 
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...SAP Ariba
 
Business Law (Case Study)
Business Law (Case Study)Business Law (Case Study)
Business Law (Case Study)Atiqur Rahman
 

La actualidad más candente (20)

Case study on Business Law
Case study on Business LawCase study on Business Law
Case study on Business Law
 
-revenue in as 9 methods ppt
-revenue in as 9 methods ppt-revenue in as 9 methods ppt
-revenue in as 9 methods ppt
 
GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016GCMartinez signed cover letter 2016
GCMartinez signed cover letter 2016
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
 
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
Tracxn - Geo Monthly Report - Asia Tech - Dec 2021
 
WODs for Endurance
WODs for EnduranceWODs for Endurance
WODs for Endurance
 
Business Law Case Study
Business Law Case StudyBusiness Law Case Study
Business Law Case Study
 
Business law contract act
Business law contract actBusiness law contract act
Business law contract act
 
Recruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa TakafulRecruitment Career Peluang Kerjaya Etiqa Takaful
Recruitment Career Peluang Kerjaya Etiqa Takaful
 
Pompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdfPompompurin_storie_di_sequestri.pdf
Pompompurin_storie_di_sequestri.pdf
 
Procure to pay process ppt
Procure to pay process pptProcure to pay process ppt
Procure to pay process ppt
 
License permit raj
License permit raj License permit raj
License permit raj
 
Sale of goods act
Sale of goods actSale of goods act
Sale of goods act
 
Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONT
 
Introduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh VaddeIntroduction to Accounting by Dr. Suresh Vadde
Introduction to Accounting by Dr. Suresh Vadde
 
Indian contract-act-1872
Indian contract-act-1872Indian contract-act-1872
Indian contract-act-1872
 
contract cases of invitation to treat
contract cases of invitation to treatcontract cases of invitation to treat
contract cases of invitation to treat
 
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
Strategic Procurement at BASF: Transforming Strategic Supplier Management at ...
 
04 c onsideration new
04 c onsideration new04 c onsideration new
04 c onsideration new
 
Business Law (Case Study)
Business Law (Case Study)Business Law (Case Study)
Business Law (Case Study)
 

Similar a Grails Jasypt Encryption Plugin

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016zznate
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for ComplianceDataStax
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Aleksandr Yampolskiy
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Positive Hack Days
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance TuningMinh Hoang
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningSean Chittenden
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsAna-Maria Mihalceanu
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersFestGroup
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practicesPGS Software S.A.
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat KorchaginNETWAYS
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net FrameworkRamakanta Behera
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with CoherenceJames Bayer
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With CoherenceJames Bayer
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Arnaud Giuliani
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializableSourabh Sahu
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script appsGary Sieling
 

Similar a Grails Jasypt Encryption Plugin (20)

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Hardening cassandra q2_2016
Hardening cassandra q2_2016Hardening cassandra q2_2016
Hardening cassandra q2_2016
 
Securing Cassandra for Compliance
Securing Cassandra for ComplianceSecuring Cassandra for Compliance
Securing Cassandra for Compliance
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
Attacks against Microsoft network web clients
Attacks against Microsoft network web clients Attacks against Microsoft network web clients
Attacks against Microsoft network web clients
 
Java Performance Tuning
Java Performance TuningJava Performance Tuning
Java Performance Tuning
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
From Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security EnhancementsFrom Java 17 to 21- A Showcase of JDK Security Enhancements
From Java 17 to 21- A Showcase of JDK Security Enhancements
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developers
 
Web application security and Python security best practices
Web application security and Python security best practicesWeb application security and Python security best practices
Web application security and Python security best practices
 
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchaginstackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin
 
Security In .Net Framework
Security In .Net FrameworkSecurity In .Net Framework
Security In .Net Framework
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Application Grid Dev with Coherence
Application Grid Dev with CoherenceApplication Grid Dev with Coherence
Application Grid Dev with Coherence
 
App Grid Dev With Coherence
App Grid Dev With CoherenceApp Grid Dev With Coherence
App Grid Dev With Coherence
 
Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017Develop your next app with kotlin @ AndroidMakersFr 2017
Develop your next app with kotlin @ AndroidMakersFr 2017
 
Parceable serializable
Parceable serializableParceable serializable
Parceable serializable
 
Hazelcast
HazelcastHazelcast
Hazelcast
 
Cloud native java script apps
Cloud native java script appsCloud native java script apps
Cloud native java script apps
 

Último

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Último (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Grails Jasypt Encryption Plugin

  • 1. Grails Jasypt Encryption by Ted Naleid
  • 3. Overview What is it? Why did we need it? Advantages Limitations How is it used?
  • 5. grails plugin that integrates strong encryption into GORM
  • 6. allows field-level encryption on any domain object or field type
  • 7. import com.bloomhealthco.jasypt .GormEncryptedStringType integrated into class Member { String name String ssn domain objects static mapping = { ssn type: GormEncryptedStringType } }
  • 8. built on Jasypt Simplified Encryption framework
  • 9. Jasypt leverages Java Cryptography Extensions (JCE)
  • 10. Bouncy Castle JCE provider jar included (you can still use any JCE compatible encryptors you want)
  • 11. Why did we need it?
  • 12. constant automated hacking attempts happen on every computer on the public internet
  • 13. cloud computing potentially adds security weak points
  • 14. if you have users, you have data to protect social security numbers medical claims/PHI credit card numbers birth dates security question answers
  • 15. full disk encryption has many drawbacks and limitations
  • 16. field level encryption lets you protect the sensitive things – everything else is at full speed
  • 17. don’t need to outrun the bear
  • 19. encrypt only what you need to
  • 20. strongly protects info even if your database gets rooted or someone steals a database dump
  • 23. encrypted fields take up extra space in database
  • 24. import com.bloomhealthco.jasypt .GormEncryptedStringType class Member { currently need to String name String ssn static mapping = { use two grails } ssn type: GormEncryptedStringType validators static constraints = { ssn( matches: '^d{3}-d{2}-d{4}$', maxSize: 44 // unencrypted 11 ) } }
  • 25. breaks using field in WHERE clause (so dynamic finders for this field don’t work)
  • 26. How is it used?
  • 27. how do I install it? grails install-plugin jasypt-encryption
  • 28. how do I configure it? // add to Config.groovy or external config file jasypt { algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC" providerName = "BC" password = "<my super secret passphrase>" keyObtentionIterations = 1000 }
  • 29. what encryption does Java allow by default? % cat default_local.policy // Some countries have import limits on crypto strength. This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", *; permission javax.crypto.CryptoPermission *, 128; };
  • 30. what you actually want (download “unlimited” crypto jar from Sun^wOracle) % cat default_local.policy // Country-specific policy file for countries with no limits on crypto strength. grant { // There is no restriction to any algorithms. permission javax.crypto.CryptoAllPermission; };
  • 31. after that, it’s easy import com.bloomhealthco.jasypt.GormEncryptedStringType class Member { String name String ssn static mapping = { ! ssn type: GormEncryptedStringType } }
  • 32. all encrypted values stored as strings in the database
  • 33. java.lang.String supported out of the box
  • 34. just implement 3 methods encrypt your protected Object convertToObject(String) own objects protected String convertToString(Object) public Class returnedClass()
  • 35. create your own GORM encrypted type import org.jasypt.hibernate.type.AbstractGormEncryptedStringType public class GormEncryptedMyObjectType extends AbstractGormEncryptedStringType { protected Object convertToObject(String string) { new MyObject(string) } protected String convertToString(Object object) { MyObject.toString() } public Class returnedClass() { MyObject } }
  • 36. then use it in your mapping class Foo { MyClass value static mapping = { ! value type: GormEncryptedMyObjectType } }
  • 38. Links Grails Jasypt Plugin http://bitbucket.org/tednaleid/grails-jasypt/wiki Jasypt http://www.jasypt.org/ Bouncy Castle (AES) http://www.bouncycastle.org/java.html Unlimited Strength Jars http://www.oracle.com/technetwork/java/javase/downloads/index.html (under “other”)