| 摘要 |
Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information. |
