• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
  • paul wheaton
  • Tim Cooke
  • Devaka Cooray
  • Rob Spoor
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin

Client side field encryption on array of object

Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
    My application runs on Java 11 and connects to MOngo entrprise DB 4.2.X and I am trying to encrypt an array that is part of my java DTO object that is persisted into a collection on the DB. The objects stored in the array are of a custom class that is part of my application and the structire of these is as follows:-

public class MyPersistedDTO{
private List<AttributeDto> attributes

public class AttributeDto {
 private String name;
 private int type;
 private String value;

I need to create the encryption schema map such that when the MyPersistedDTO.attributes is persisted, only the AttributeDto.value field is encrypted for each of the elements in the array as AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic so that it can be queried on from the application. Is there a way to do this. If so please share the schema map with me as I need it urgently. Thanks.
Saloon Keeper
Posts: 27478
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch, Prashanth!

I'm not sure I'd call that a "DTO". A Data Transfer Object was originally part of the design pattern architecture for JEE EJBs. Since EJBs weren't POJOs and you couldn't use them in generic logic, you'd use a (POJO) DTO to transfer data to/from your non-EJB logic to your EJBs. So I think what you actually have here is an Entity object. It's quite possible that if you were using the Spring Data framework that you would even annotate them as @Entity, even though MongoDB is a noSQL DBMS. Spring Data likes to make similar things similar.

As for defining per-field encryption within a MongoDB entity, I'm not optimistic. Originally, MongoDB was designed as a dictionary system, so the concept of fixed schemas of any type was quite foreign to it. Someone who is more up to date might be able to help here.

Don't listen to Steve. Just read this tiny ad:
a bit of art, as a gift, that will fit in a stocking
    Bookmark Topic Watch Topic
  • New Topic