✔ Encrypt Notepad Details
Completed by Morgan M.
- Assigned to: Anil V., Harsh P., Ryan K.
- Due on
- Notes
Further to discussion on this issue, we need to ensure that all Notepad details are secured in a separate encrypted SQL database. The priority is to secure the Notepad details concerning the bookmarks and research topics saved by individual front-end users; however, we can explore options that secure both the usage details and bookmark details.
and Anil, please examine the issues and propose a recommended solution.
Harsh
We had a meeting with a client today, and they specifically asked about the security of the data concerning the Notepad Feature. Let's ensure that this to-do is integrated into the workflow.
Thanks,
Morgan
We did some R&D regarding the security of encrypted data and found that no one else can decrypt the data. Hence, it is secure to store the data in encrypted format in the database. Please suggest; if it is OK, then we can start development.
Ryan
I'm fine with it being on the same database as well. As long as the data is encrypted, and decrypted data is only inaccessible to the front-end user.
Also,
Thanks,
Morgan
Morgan
I have made a Word document which explains what encryption & decryption is and how it works.
Please review and let us know if you have any concern.
Morgan
Just confirming that we've started development on encrypting the Notepad data.
Thanks,
Morgan
We have started analysis of how to encrypt & decrypt old notepad data in the SQL database and, in parallel, we are also making a document from a programming point of view.
We will start development very soon and will keep you updated.
Morgan
We have implemented the encryption/decryption for the Notepad feature and uploaded it on dev.islg. Now, the bookmark details are saved in encrypted format in dev's database.
We have also encrypted the old bookmark data on dev.islg's server.
Please check and confirm.
Great. Glad to hear this is complete. However, what do you mean by "old bookmark data"? Are you referring to data that has been deleted by users (e.g., when they delete a bookmark from a research topic)? If so, we shouldn't be storing this data. When a user deletes bookmark data, it should also delete it from the server. Could you please clarify.
Also, did you ever create the document for explaining the encryption from a programming point of view?
Thanks,
Morgan
The old data means the data which was already stored in the database. It means we have encrypted those users' bookmark data which was already saved in plain text on the server.
Also, we have confirmed that when a user deletes bookmark data, it is deleted from the server. We haven't stored deleted data.
Yes. We have also made a document from a developer point of view which explains the encryption/decryption algorithm.
Ok. That all sounds good. Could you send me a copy of the document, so that I can keep this on file.
Also, I'd like to discuss this with
Thanks,
Morgan
I have attached the PDF file which explains the encryption/decryption algorithm and the database's table-related information.
Morgan
Just a heads up on our call tomorrow. Could you be prepared to comment on the above. I want to get sign off from you that we've done everything necessary to get all the Notepad data encrypted and secured so that we can migrate the changes through to www.islg on Monday.
Thanks,
Morgan
For some reason I don't have the IPs for dev.islg web and SQL servers saved, only prod. Could you let me know please?
Thanks!
Ryan
Following are the IPs of the dev.islg web and SQL servers:
dev.islg web - 10.68.138.10
SQL Server - 10.68.138.11
Let me know if you need anything else.
We looked at the encryption and have a few questions:
Ryan
Following, we have mentioned the answers.
From a security point of view, we don't think Subscriber ID is necessary to encrypt, because Subscriber ID is connected with many reference tables and it will affect many tables to populate results.
Ryan
Thanks for the details above. Just so I understand this correctly, we have encrypted all the details concerning the bookmarks themselves, but we have not encrypted the Subscriber IDs. Therefore, in the event of a data breach, it would be possible to identify that a subscriber has created bookmarks, but it would be impossible to identify the content of those bookmarks, correct? Also, does this apply to the research topic names and descriptions, because this is sensitive information that should be encrypted as well?
Also, does this server store a copy of the research reports that have been exported in Word? If so, these should be automatically deleted as soon as they are generated to ensure there is data risk there as well.
Finally, is it possible to apply the same encryption (and purging of automated reports) for Client/File#s, Matter#s and comments assigned to sessions through the session information window? This also has sensitive information that needs to be protected.
Thanks,
Morgan
Following, I have mentioned the answers to your above questions.
Great. That satisfies my concerns regarding the bookmarks and exported research reports. However, what about the research topic names and descriptions? Can you confirm whether this information is encrypted? If not, let's ensure this is done as well.
Yes, please proceed with encrypting the Client/File#s, Matter#s and comments.
Thanks,
Morgan
My apologies. I forgot to mention the answer in my previous comment.
Yes. We have already encrypted the research topic names and descriptions on dev.islg.
Could we migrate this Encrypt/Decrypt Notepad details task to www.islg next Tuesday?
Sure. Let's migrate the Notepad Details on Tuesday. I'll schedule this to-do for that date, and then we'll do the usage details during a subsequent window.
Thanks,
Morgan
We have migrated Notepad Details encryption/decryption to www.islg. We have also changed the encryption key on the production environment.
Please check and confirm.
Ryan
Following, I have mentioned the database details:
ISLG: Production database (www.islg)
islg_data: Dev demo database (dev.islg)
islg_new: Database for testing purposes.
We are working on encrypting/decrypting the Client/File#s, Matter#s and comments.
There are so many places in the application where we need to encrypt/decrypt the Client/File#s, Matter#s and comments
(for example, the Member site session information window, PDF file, Excel file, Admin site session information window, etc.). Hence, it will take some time to complete. We will keep you updated.
Morgan
Just FYI: The work is still continuing and we will keep you updated.
FYI:
We made the encryption/decryption changes for Client/File#s, Matter#s and comments in our local environment and, currently, we are testing on both the Member site and the Admin site.
Once testing is done, we will upload the changes to dev.islg.
Morgan
We have implemented the encryption/decryption algorithm for Client/File#s, Matter#s and comments and uploaded it on dev.islg.
We have also encrypted the old data (e.g. the data which was already stored in the database) on dev.islg's server.
Following is the reason for the slowdown in opening the Session Information Window.
Please Suggest.
I see what you mean. The loading time is incredibly slow. Is there another way to encrypt the data to speed up the process? The tool was already loading data slower than I'd like, and I don't want to implement anything that will make it worse. It's very common for us to pull 12 months' worth of data, which is why this is the default setting. So please come up with a solution that speeds up the encryption algorithm. I would also investigate ways of speeding up the loading times of the session details page more generally. Perhaps there are ways we can get the data to load more efficiently without sacrificing what is ultimately displayed to users.
Morgan
I understand your concern.
We are looking to find another way (e.g. directly from SQL or something else) to encrypt/decrypt the data to speed up the process. We will keep you updated on the same.
Morgan
We have found another method for encryption/decryption. The data will be directly decrypted by SQL query. It gives us a huge improvement in speed.
Currently, this is a trial-and-error method for us. We are working on it and will update you soon.
Thanks,
Morgan
Yes. We can also speed up the general loading time of the session reports.
We have changed the encryption/decryption method for the Client/File#s, Matter#s and comments fields and uploaded it on dev.islg.
Now, it takes hardly 5 seconds to display 100 records in the Session Information Window. It also takes about 3 seconds to generate session reports.
Please check and let us know your feedback.
It looks really good. I'm happy with the speed.
Morgan
Could you confirm everything looks ok on this to-do so we can get it migrated on the next window.
Thanks,
Morgan
It looks to be functioning as expected and is much more performant, however, I discovered an error when attempting to load my Research Topics after I had edited the name of one of my saved research topics.
The above error is related to the Notepad Details encryption/decryption method, which we have resolved on both dev.islg and www.islg.
Please check and confirm.
Morgan
We have migrated the Client/File#s, Matter#s and comments fields encryption/decryption task to www.islg.
Please check and let us know your feedback.
It's working well for me. I'll let
Thanks,
Morgan
In my test account on www.islg ISLGtesting / islg4testing I'm getting a server error when I log in and attempt to open my Research Topic window. See attached video.
I'm not able to recreate the issue with my testing account.
Thanks,
Morgan
Yesterday, after migration, we tested this task with different users' credentials and we forgot to clear Ryan's specific user data on www.islg.
Please check and confirm.
Ryan
Morgan