Design Pattern: Passwords and sensitive data
By Bogdana Botez at Microsoft Development Center Copenhagen
This pattern is supported starting from Microsoft Dynamics NAV version 2016.
Abstract
Protect data such as passwords, social security numbers and credit card numbers by encrypting it and placing it in a single table with restricted access.
Problem statement
When sensitive data is stored inside the Dynamics NAV database, negligent handling can leave it vulnerable. In particular, the location of the data, access to it, and its state are critical.
Imagine that instead of being kept in a wallet, your credit cards were scattered around your surroundings: inside clothes, in the furniture, some even in plain sight. How easy would it be to accidentally misplace a credit card, or to have someone misuse one? The same holds for sensitive electronic data such as passwords, personal IDs and credit card numbers: they are easier to manage if stored in one place.
We could store sensitive data in a single place, an electronic “wallet”, but then forget to control who has access to it. If multiple entities can alter the “wallet”, then what is the guarantee that all of them will handle it correctly?
Suppose this problem is solved too. Now we store passwords in a single place, and we access them only through a safely written API. But the passwords are unencrypted, so a breach of the database would immediately expose them to the outside party.