We have a requirement from a customer that if someone gets access to the database, all data that includes personal information should be encrypted, so that when they do select calls, they shouldn't be able to see anything in clear text. Now this isn't any problem for Strings, but what about byte arrays (which can potentially be quite huge, several hundred MB)?
When you do a select call, you get gibberish anyway. Is it possible for a hacker to somehow read the bytes and get the sensitive information without knowing the structure of the object it is mapped against?
Because if that is the case, then I guess we should encrypt those bytes, even if they can potentially be quite huge. (I am guessing adding encryption will make them even bigger.)
First of all, encryption won't normally increase size, except possibly to the next multiple of the encryption algorithm's block size (e.g., a 128-bit boundary).
Second, yes, if the data is left in the clear, an attacker can probably make sense of at least quite a bit of it fairly quickly.
Third, the big problem with all of this (as with most cryptology) is key storage and distribution. At some point you have to decrypt the data, and (often) the easiest form of attack is to find a way to retrieve that key. Your two main choices are to require the user to enter a key, or to have some sort of protected storage (e.g., a smart card) to store the key, and use smart card readers on the client computers.
Depending on the database you’re using, it may be able to handle a lot of this for you. A fair number have some sort of row-level or even column-level encryption to help comply with privacy requirements (e.g. Sarbanes-Oxley in the US).