Translucent Databases Paperback – April 20, 2002


Product Details

  • Paperback: 193 pages
  • Publisher: Flyzone Sr Llc; First edition, first printing (full number line) edition (April 20, 2002)
  • Language: English
  • ISBN-10: 0967584418
  • ISBN-13: 978-0967584416
  • Product Dimensions: 8.8 x 7.3 x 0.5 inches
  • Shipping Weight: 12.8 ounces
  • Average Customer Review: 3.9 out of 5 stars (10 customer reviews)
  • Amazon Best Sellers Rank: #2,994,528 in Books

Editorial Reviews

Review

"I would like to recommend this book to everyone who is storing sensitive information in their database." -- Michael Widenius, MySQL

"I would like to recommend this book to everyone who is storing sensitive information or credit cards in their database." -- Michael Widenius, MySQL

Every database programmer should have a copy of this simple and elegant book on his reference bookshelf. -- Robert Hettinga in Slashdot

Had either Yale or Princeton adopted Wayner's principles, this nasty little episode might never have happened. -- Simson Garfinkel on the O'Reilly Network

From the Inside Flap

Here's an FAQ:

Q: What are translucent databases? A: A term for databases that must protect some information while revealing other data. In other words, a phrase to capture how the database must exist somewhere between translucency and opacity.

Q: Do they encrypt things? A: Yes, but only some things and then only in a careful way. Standard encryption algorithms lock data away in an inscrutable pile of bits. Only the person with the right key can make sense of the information. Translucent databases use the same algorithms in a more controlled fashion. Some of the information is turned into an inscrutable pile of bits, but other parts can be read, understood and acted upon by the database engine.

Q: So what's scrambled beyond recognition? A: Anything you want. The database administrator usually chooses personal or sensitive information. Social security numbers or credit card numbers are ideal choices. Passwords are another choice.

Q: But are they really beyond all recognition? A: Actually, no. The book describes how to control the scrambling so that useful work can be done with the result. In some cases, you can still compare the information to see if it matches other scrambled entries. In others, you can add or multiply the data too. All of this work is done behind a curtain of encryption so the privacy is still protected.

Q: So why would I use something like this? A: Databases come with good security already, but nothing is perfect. Sometimes someone leaves a backdoor open. The operating system, not the database itself, is often the culprit. Sometimes clerks, bosses and everyone in between abuse their legitimate access. Translucent databases provide a way to work with sensitive information in a more secure way.

Q: Are there advantages? A: The security mechanism of translucent databases is much simpler. Translucent databases don't require heavily tested operating systems running in the most secure mode to protect the information. They can save administrative costs by making life easier for system administrators. The mechanism also runs faster in many cases because there's no need for a complicated security layer to evaluate every request.

Q: Isn't hardware cheap? A: Yes, but it's not just about speed and cost. Translucent databases also make ideal satellite databases placed in remote sites or branch offices. They can accomplish all of their tasks without the extra security. There's no need to lock away the database or check out all of the staff. The translucent database strips away the sensitive information.

Q: Are they perfect too? A: Nothing is perfect, but translucent databases can withstand some attacks that would cripple a regular database. If a hacker breaks in or an employee turns traitor, the information is still secure. There are still ways that information can leak out, but they're significantly fewer and harder to exploit. In many ideal situations, the database administrator can publish the root password and remain sure that the sensitive information will stay locked up.

Q: How is the book written? A: As a high-level idea book with the full source code to dozens of examples. Each chapter describes a different technique for locking up the information. Most come with two or three different databases as examples. The book comes with a license to use the source code in any way you want.

Q: Who would want to read the book? A: Database administrators who need to guard sensitive information.

Q: Do the examples help? A: There are dozens of examples in the book. If there's nothing directly useful, then most database administrators will find something that is close. The book is meant to teach by example.

Q: Is this idea new? A: Yes and no. People have been encrypting databases for a long time, but most of it isn't permanent. Many databases can be protected by a password, but it is unscrambled whenever someone does a query. That's not ideal. Translucent databases are scrambled beyond recognition. This book takes some of the standard techniques from cryptography and reapplies them in a different way. The one-way functions and the digital signatures aren't new, but the attitude to protecting data is.

Q: What about password databases? A: The UNIX password file scrambling mechanism is a great example of a translucent database. It's been around for a long time. The book is really an attempt to see how far the idea will go. Can we help people schedule meetings? Can we protect the plans of a baby sitter or an executive threatened with kidnapping? Can we protect the ships at sea while still letting family members follow their movements? Can we take care of credit card numbers? It turns out we can build a central database using some of the same techniques that protect the average password files. People can still do useful work, but no hacker can punch through.

Q: Is there code? A: Yes, plenty of SQL and Java code.

Q: Can I use it? A: Sure. Owners of the book get a royalty-free license to reuse the source code as they desire. You can copy it verbatim, change it slightly, or rewrite large parts.

Q: Can I contact the author? A: p3@wayner.org or pcw@flyzone.com should work


More About the Author

A veteran journalist, Peter Wayner writes frequently for the New York Times, Infoworld, Wired, Car & Driver and numerous other publications. He wrote more than 15 books on a wide range of topics, including how technology is changing the economy, and our lives. He is often found in the audience of the theater and backstage where the magic begins.

Customer Reviews

3.9 out of 5 stars

Most Helpful Customer Reviews

12 of 12 people found the following review helpful By Dr. Vince Collura on December 31, 2002
Format: Paperback Verified Purchase
Peter Wayner gives insight on storing, protecting and managing data, with a strong focus on privacy. This book is an easy read for anyone familiar with SQL based db systems, cryptography and an understanding of basic application architecture. Additionally, if one plans on working towards HIPAA compliance (term used loosely), this is a must read.
The concept of translucent databases is a step in the right direction for any entity interested in storing useful data without holding the overwhelming burden of liability over their own head. Working on the "other end" of the software development chain, it is clear to me that this concept will be a hard sell to businesses that aren't under the (HIPAA) gun.
Wayner's writing is extremely readable, with great emphasis on explanation. My lack of Java experience was not a hindrance at all while reading this book.
This book is best shared between developers, architects, and decision makers, as it is their understanding that is crucial in selectively choosing what data is stored, what data is not, and what data is hidden and to whom. While there are few, if any Eureka! Moments in the book, there are concepts which will prove to be valuable as time progresses.
23 of 27 people found the following review helpful By Mike Tarrani on June 25, 2002
Format: Paperback
This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting general access of less sensitive data to authorized users. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and accepted authentication techniques such as digital signatures.
What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA and other high security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.
This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book.
9 of 9 people found the following review helpful By A Customer on July 2, 2003
Format: Paperback
You can skip this book if you're a super crypto geek as the other obnoxious reviews make clear. If you've got sensitive information to store, check this out. The book is filled with several dozen examples worked out in raw SQL and Java. It could use a bit more crazy examples like his other book, Disappearing Cryptography, but at least the book is crisp, helpful and to the point.
11 of 13 people found the following review helpful By Zak Greant on February 21, 2003
Format: Paperback
Translucent Databases deals with the issue of building applications that store and manipulate sensitive data in a very accessible and pragmatic fashion.
It provides working developers with a practical understanding of the fundaments of cryptography and stenography as applied to the specific needs of data storage, retrieval and manipulation.
The author has been careful to support major concepts with examples, discussions, real-world rationales, supporting mathematics and recommendations for additional reading. In particular, developers who do not have formal computer science background will appreciate the clear explanations of the base mechanics of the various hashing and private/public key schemes.
Given the profusion of applications that store sensitive data, this book is a timely guide that helps developers quickly solve problems in time-constrained development environments.
Additionally, the author writes in a highly-readable style that makes the topic material less fearsome for timid readers who fear daunting subjects like cryptography.
The book is not perfect - it contains more than its fair share of typos and could benefit from tighter editing. However, these are minor flaws that do not compromise the utility of the book.
10 of 12 people found the following review helpful By A Customer on December 26, 2002
Format: Paperback
Although the book is both interesting and useful, it suffers from a worm's-eye view. Explanation is given at the source-code and SQL level and not above that. There is no attempt to give the reader an overall picture of the algorithms being described; the book contains not one E-R diagram, schema diagram, or diagram of any other sort. I wound up drawing these for myself to make sense of the muddled explanation. Because I think the book contains valuable information, I hope that Mr. Wayner will correct this oversight in a second edition.