Hello Mansi,

storing sensitive data in the cloud is a general challenge. BaseX, as most other NoSQL stores, provides no explicit security layer, so you are left with basically all other options.. such as e.g. encoding sensitive data in the XML documents by yourself (by using the Cryptographic Module you mentioned, or any other encryption libraries), or by taking advantage of Amazon's encryption facilities (all I know is that there are some of these features, but I don't have any experience with it). Maybe someone else can give you more hints.

Best, Christian

On Mon, Dec 29, 2014 at 5:17 PM, Mansi Sheth mansi.sheth@gmail.com wrote:

Hello,

I am thinking about my options of protecting BaseXDB's data at rest. We are storing sensitive client data which we need to protect. We would be migrating BaseXDB on an amazon instance, so protection at rest would be a primary concern.

What I wish to do is, while inserting data into the database, it should be encrypted and while using XQUERY, we should have a mechanism to decrypt the data and retrieve the information needed. I am aware of the performance hit here. Would evaluate if its acceptable after I could collect some statistics.

I looked at the docs: http://docs.basex.org/wiki/Cryptographic_Module#Encryption_.26_Decryption

But, I didn't completely understand a use case for this example. Or if it would solve my purpose. I am currently using some Java code to insert files into the database.

Has anyone done something on this line ? Please share some use cases.

• Mansi