Is the JATOS database encrypted?
Hello,
I have been running an instance of JATOS on DigitalOcean for a while now and I have HTTPS enabled.
However, a research partner has requested details of the encryption used to secure my data online. So I was wondering: Is the embedded database used by JATOS encrypted or secured in any way by default?
If not, is there a way to do so?
Thanks for your help!
Comments
Hi!
The embedded H2 database is not encrypted in JATOS, although according to their docs it is possible. But, arguably, it is more important to secure the server where JATOS (with the H2 database) is running, and especially the connection to the server. Most importantly, always use encrypted connections, e.g. SSH and HTTPS. I would argue that if the doors to the server are secure, the data itself on the server can be unencrypted (a security expert would probably tear me apart for writing this). I guess it depends on how 'secure' you want your data.
An alternative to the embedded H2 database is always to use an external MySQL or MariaDB. Those databases are meant to work in secure environments and support encryption in different ways (that I never tried myself :) ).
Best,
Kristian
Thanks Kristian,
I appreciate the reply! I think the question might be a bit of a red herring.
As you say, I have HTTPS enabled and the firewall is on etc.
Am I right in thinking that even if the database were exposed, the database itself could not be accessed without some sort of user/password details?
All the best,
Chris
No, if you have terminal access to the server you can read everything in the H2 database. Use a MySQL or MariaDB for encrypted content.
Best,
K.
Just to avoid people getting unnecessarily worried.
> No, if you have terminal access to the server you can read everything in the H2 database. Use a MySQL or MariaDB for encrypted content.
This is true, but the key point is that people do not have terminal access to the server. So the security wall is such that people cannot access the server at all, and thus also not the database on the server, nor for example sensitive documents on the server.
Your data is very safe on JATOS, provided that it is installed on a properly configured server such as MindProbe.eu.
I agree with Sebastiaan. For most use cases it is safe to "just" secure the server and not encrypt the database's data. Actually I've never encountered an encrypted database so far (although I'm not an admin).
Best
K.