Ciphers
The final configuration topic that we will cover for the DBI proxy architecture is that of on-the-fly encryption of data.
This functionality is useful if you are implementing a secure networked database environment where database operations might be occurring over nonsecure network links, such as a phone line through a public ISP. For example, an employee at home might use his or her own ISP to access a secure company database. Or you might wish to make an e-commerce transaction between two participating financial institutions.
Both of these examples are prime candidates for using the cipher mechanism in DBI::ProxyServer. Ciphering is implemented within the RPC::PlClient and RPC::PlServer modules. This allows DBD::Proxy and DBI::ProxyServer to use those mechanisms by means of inheritance. The actual ciphering mechanism uses external modules such as Crypt::IDEA or Crypt::DES for key generation and comparison.[69]
The very basic premise of an encrypted data stream is that the client and server generate keys, which are then sent to each other. When the client wishes to transmit data to the server, it encrypts the data with the server’s key. Similarly, if the server wishes to send data to the client, it uses the client’s key to encrypt it first. This system allows the client and server to decode the incoming data safely. Since the data is encrypted before transmission and decoded after receipt, anyone snooping on the network will see only encrypted data.
Therefore, to support ...
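As an added illustration of the cipher setup this section describes (not code from the book), the script below opens a DBD::Proxy connection with the documented cipher and key DSN attributes, and the text after __END__ sketches the matching server-side client entry. The host name, port, back-end DSN, address mask and environment variable names are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, client side. Host, port, back-end DSN and the environment
# variable names are hypothetical.
use strict;
use warnings;
use DBI;
use Crypt::IDEA;    # cipher class named in the DSN below

# 128-bit IDEA key as 32 hex digits, read from the environment so it never
# sits in source control. (DES, the other module named above, has a 56-bit key.)
my $key = $ENV{DBI_PROXY_KEY} // '';
$key =~ /\A[0-9a-fA-F]{32}\z/
    or die "DBI_PROXY_KEY must be exactly 32 hex digits\n";

# DBD::Proxy builds the cipher object as Crypt::IDEA->new(pack("H*", $key)).
# The dsn= attribute goes last; its value is handed to the proxy server.
my $dsn = join ';',
    'DBI:Proxy:hostname=dbproxy.example.com',
    'port=3334',
    'cipher=Crypt::IDEA',
    "key=$key",
    'dsn=DBI:CSV:f_dir=/var/db/csv';

# The DSN now contains the key, and DBI's own connect-failure message quotes
# the DSN, so switch off automatic error output and report only the error text.
my $dbh = DBI->connect($dsn, $ENV{DBI_PROXY_USER}, $ENV{DBI_PROXY_PASS},
                       { RaiseError => 0, PrintError => 0 })
    or die "proxy connect failed: $DBI::errstr\n";
print "connected over the encrypted proxy link\n";
$dbh->disconnect;

__END__
Server side (dbiproxy configuration file, a Perl hash), with the same key.
The mask is a constructed documentation address:

    require Crypt::IDEA;
    +{
        localport => 3334,
        clients   => [
            { mask   => '^192\.0\.2\.10$',
              accept => 1,
              cipher => Crypt::IDEA->new(pack 'H*', $ENV{DBI_PROXY_KEY}) },
            { mask => '.*', accept => 0 },    # refuse everyone else
        ],
    };
```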