Datatypes and the Default Mask with Dynamic Data Masking - Step 2 of the Stairway to Dynamic Data Masking

  • Comments posted to this topic are about the item Datatypes and the Default Mask with Dynamic Data Masking - Step 2 of the Stairway to Dynamic Data Masking

  • My biggest concern is that they indicate length (or lack thereof) in the string types. While there are certainly cases where the type would be a security leak, in most of those the idea that they can even get to what you show is the bigger leak. Further, most databases I have seen have names that convey far more information than the mask.

    For instance, I would expect "email" to be a string-like type. I would expect "price" to be a number. If I were concerned about the type leaking out, I would also concern myself with purpose as well and ensure my column names gave no clue as to what the point of the column is.

  • I don't think they indicate any particular length. Where did you get that? Perhaps I missed something here.

    The masking does give you a datatype, and some of that is to protect your existing applications from breaking.

    The names of the columns likely don't change since that's part of DB design, and obfuscating these means things become very complex for developers, and perhaps meaningless. The information in the app will tell you what the purpose of the column is. However, people store dates as ints and varchars, so there is leakage here about the actual type.
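
For readers following the exchange above, here is an added T-SQL example (not part of the article or of any post) for checking what a `default()` mask and the catalog views expose to a principal that holds only SELECT. The table, column and user names are hypothetical and the rows are constructed; the documented behaviour of `default()` is `XXXX` for string types (fewer characters when the declared size is under 4), zero for numeric types, and `1900-01-01` for date types.

```sql
-- Constructed demo objects; every name below is hypothetical.
CREATE TABLE dbo.DdmDemo (
    Id        int IDENTITY(1,1) PRIMARY KEY,
    Email     varchar(100) MASKED WITH (FUNCTION = 'default()') NULL,
    StateCode char(2)      MASKED WITH (FUNCTION = 'default()') NULL,
    Price     money        MASKED WITH (FUNCTION = 'default()') NULL,
    DateAsInt int          MASKED WITH (FUNCTION = 'default()') NULL,
    DateAsStr varchar(10)  MASKED WITH (FUNCTION = 'default()') NULL,
    RealDate  date         MASKED WITH (FUNCTION = 'default()') NULL
);

-- Constructed sample rows: one short value and one long value per string column.
INSERT INTO dbo.DdmDemo (Email, StateCode, Price, DateAsInt, DateAsStr, RealDate)
VALUES ('a@b.io', 'CO', 19.99, 20240131, '2024-01-31', '2024-01-31'),
       ('a.much.longer.address@example.com', 'NY', 1250.00, 20231115, '2023-11-15', '2023-11-15');

-- Low-privilege reader: SELECT only, no UNMASK permission.
CREATE USER DdmReader WITHOUT LOGIN;
GRANT SELECT ON dbo.DdmDemo TO DdmReader;

EXECUTE AS USER = 'DdmReader';

    -- 1) Masked values as the reader sees them. Compare the two rows to check
    --    whether the masked strings vary with the length of the stored value.
    SELECT Id, Email, StateCode, Price, DateAsInt, DateAsStr, RealDate,
           LEN(Email) AS LenOfMaskedEmail
    FROM dbo.DdmDemo;

    -- 2) Catalog metadata the same reader can query: column names, declared
    --    types and declared sizes are visible whether or not a mask is applied.
    SELECT c.name                      AS ColumnName,
           TYPE_NAME(c.system_type_id) AS DeclaredType,
           c.max_length                AS DeclaredBytes,
           c.is_masked                 AS IsMasked
    FROM sys.columns AS c
    WHERE c.object_id = OBJECT_ID('dbo.DdmDemo');

REVERT;

-- Clean up the demo objects.
DROP USER DdmReader;
DROP TABLE dbo.DdmDemo;
```

The two date columns stored as `int` and `varchar` are masked according to their declared type rather than their meaning, so compare the first result set against the second when judging how much the mask adds to what the catalog already shows.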

  • Thanks for the article.
