I want to upload a web app on a server but the server is not owned by me. The data stored in the DB on the server is important. To add security I can always encrypt the data in the DB. Here, the operators of the server can, however, get a copy of my encrypted DB and can also look in my source code to get the key for decryption. I need to store the key for decryption because I would need to display the records in the application.
How can I ensure that the server operators cannot get the data?
Why would they have access to your source code?
I didn't say this.
Then what did you mean by:
the operators of the server can ... look in my source code
This seems an unusual scenario. The data is important enough that you think the sys admins might try to get at it in violation of the contract you have with them, but it's not important enough to merit its own server to prevent that. Not sure what to advise about that, it seems a case of odd priorities.
You can always enter the decryption key through the web app after each startup. That way it only exists in memory, but after each restart of the app it needs to be re-entered.
I'm sorry, you're using a sys admin that you suspect might packet snoop the traffic and use the SSL key to decrypt your traffic? And you provide your source code to such a person? Seriously, either the data isn't important enough to try to prevent such attacks, or -if it is- you need to get a root server.
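An added example (not code from any poster in this thread) of the suggestion above to enter the decryption key after each startup: only a salt and a check value are stored on disk, the app stays locked until the passphrase is submitted, and the derived key lives in process memory. The names `KeyHolder` and `make_verifier` and the scrypt parameters are assumptions for illustration; the key remains readable by anyone who can inspect the running process's memory.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
CHECK_LABEL = b"key-check-v1"  # constant MACed under the key to recognise it


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the operator-entered passphrase into a 32-byte data key."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, **SCRYPT)


def make_verifier(passphrase: str) -> dict:
    """Run once at setup. Stores the salt and a check value, never the key."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "check": check}


class KeyHolder:
    """Holds the data key in memory only; every process start begins locked."""

    def __init__(self, verifier: dict):
        self._verifier = verifier
        self._key = None

    @property
    def locked(self) -> bool:
        return self._key is None

    def unlock(self, passphrase: str) -> bool:
        """Called by the unlock form handler after a restart."""
        key = derive_key(passphrase, self._verifier["salt"])
        check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
        if not hmac.compare_digest(check, self._verifier["check"]):
            return False  # wrong passphrase: stay locked
        self._key = key
        return True

    def key(self) -> bytes:
        """Data-access code calls this; it fails closed while locked."""
        if self._key is None:
            raise RuntimeError("locked: key not entered since startup")
        return self._key
```

The unlock request itself has to travel over TLS, and the verifier on disk still allows offline guessing of a weak passphrase, so the passphrase should be long and random.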