BKCRPDBS.RVW 20051111 "Cryptography in the Database", Kevin Kenan, 2006, 0-321-32073-5, U$44.99/C$62.99 %A Kevin Kenan www.KevinKenan.com %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 2006 %G 0-321-32073-5 %I Addison-Wesley Publishing Co. %O U$44.99/C$62.99 416-447-5101 800-822-6339 bkexpress@aw.com %O http://www.amazon.com/exec/obidos/ASIN/0321320735/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0321320735/robsladesin03-20 %O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation) %P 277 p. %T "Cryptography in the Database: the Last Line of Defense" The preface states that the intended reader is the technical lead for the protection of information in a database. This person should be well familiar with databases, and have a passing knowledge of cryptography. Part one deals with database security. Chapter one states that databases are important, and we should protect them. A brief review of database concepts (limited to relational databases) and a rather longer, and quite complete, overview of cryptography, is in chapter two. Part two outlines a cryptographic infrastructure. Chapter three examines keys and key management. Algorithms, and symmetric block algorithm modes, are covered in chapter four. More of key management is addressed in chapter five. Chapter six looks at the logical (rather than programming) interfaces between encryption, decryption, and the application. Part three reviews the overall cryptographic project. Chapter seven discusses project management. Ways of specifying security aspects of the system are suggested in chapter eight, while nine examines design. Some general principles for secure implementation are listed in chapter ten. Various types of testing are reviewed in chapter eleven. Chapter twelve looks at the deployment, monitoring, and removal of an application. Part four contains sample Java code. There is an explanation of the code, and then a key vault, manifest, manager, engine, cryptographic service provider, client, exception handling code, and a run of the system in operation. Rather than an actual text on the special needs of databases for cryptography, this is more like a general review of cryptographic concepts with some attention paid to examples that would deal with certain database issues. The material is sound enough, as far as it goes. But those who maintain large databases and wish to see practical solutions for the problems they face may be disappointed. copyright Robert M. Slade, 2005 BKCRPDBS.RVW 20051111