week 8
8.6 Encryption
Encryption converts data into an unreadable format that can only be decoded with the correct key.
|
Encryption Type |
Description and Example |
|
Data at Rest |
Encrypting database files on disk. E.g., MySQL Transparent Data Encryption (TDE) — if the server's hard disk is stolen, data remains unreadable. |
|
Data in Transit |
Encrypting data as it moves between client and server. E.g., SSL/TLS encryption for bank API connections. |
|
Column-Level Encryption |
Encrypting specific sensitive columns. E.g., encrypting BVN, credit card numbers, passwords using AES-256. |
|
Password Hashing |
Passwords are never stored in plain text. A one-way hash (bcrypt, SHA-256) is stored instead. Even if the DB is stolen, passwords cannot be reversed. |