Skip to content

feat(security): database logging and/or verification #1573

New issue
New issue
Open
Open
feat(security): database logging and/or verification#1573
Labels
featureimplement or replace a feature
@DerekRoberts

Description

@DerekRoberts
DerekRoberts
opened on Aug 28, 2024

Securing the Registry data to ensure that information is not falsified or modified by users.

Important information are stored in the registry like seed varieties, origin, characteristics, and proprietary company information.

Controls:
Data is encrypted in transist with TLS over HTTPS.
Gap:
Data is not encrypted at rest.

Adequate

Currently, TCPS isn't standard for internal DB access. Team uses standard, vendor supported containers and solutions wherever possible.
More information on access to database can be found at https://apps.nrs.gov.bc.ca/int/confluence/display/FSADT2/Architecture+Design

Mitigate

Get a process to automatically or manually check the data from the database to ensure it has not been tampered with, a hash value of the data can serve.

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureimplement or replace a feature

    Type

    No type

    Projects

    SPAR Sprints | Goal: Demo CONSEP Purity screen, Hi-fidelity CONSEP inventory management

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions