Home/ Questions/Q 79961
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T21:13:40+00:00

Premise : The requirements for an upcoming project include the fact that no one

  • 0

Premise: The requirements for an upcoming project include the fact that no one except for authorized users have access to certain data. This is usually fine, but this circumstance is not usual. The requirements state that there be no way for even the programmer or any other IT employee be able to access this information. (They want me to store it without being able to see it, ever.)

In all of the scenarios I’ve come up with, I can always find a way to access the data. Let me describe some of them.

Scenario I: Restrict the table on the live database so that only the SQL Admin can access it directly.
Hack 1: I rollout a change that sends the data to a different table for later viewing. Also, the SQL Admin can see the data, which breaks the requirement.

Scenario II: Encrypt the data so that it requires a password to decrypt. This password would be known by the users only. It would be required each time a new record is created as well as each time the data from an old record was retrieved. The encryption/decryption would happen in JavaScript so that the password would never be sent to the server, where it could be logged or sniffed.
Hack II: Rollout a change that logs keypresses in javascript and posts them back to the server so that I can retrieve the password. Or, rollout a change that simply stores the unecrypted data in a hidden field that can be posted to the server for later viewing.

Scenario III: Do the same as Scenario II, except that the encryption/decryption happens on a website that we do not control. This magic website would allow a user to input a password and the encrypted or plain-text data, then use javascript to decrypt or encrypt that data. Then, the user could just copy the encrypted text and put the in the field for new records. They would also have to use this site to see the plain-text for old records.
Hack III: Besides installing a full-fledged key logger on their system, I don’t know how to break this one.

So, Scenario III looks promising, but it’s cumbersome for the users. Are there any other possibilities that I may be overlooking?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. If you can have javascript on the page, then I don’t think there’s anything you can do. If you can see it in a browser, then that means it’s in the DOM, which means you can write a script to get it and send it to you after it has been decrypted.

    Aren’t these problems usually solved via controls:

    1. All programmers need a certain level of clearance and background checks
    2. They are trained to understand that rolling out code to access the data is a fireable or worse offense
    3. Every change in certain areas needs some kind of signoff

    For example — no JavaScript on page without signoff.

    If you are allowed to add any code you want, then there’s always a way, IMO.

    • 0