0

I am looking to see if there is a way to verify that the XML I am storing in the database has not been tampered in any way.

I have thought about doing an md5 hash but a skilled hacker would understand that and just regenerate the hash. So now I am looking at PGP signatures, where the app would verify the XML was unchanged when the history was retrieved.

Does anyone know if there is a spec for signing xml? I am currently storing the XML in an XML column in SQL, I like the fact that someone can just look at the column and see what has been logged, but the fact that it can be changed worries me that I can not prove that its unchanged.

Thanks

bhawkins
  • 326
  • 2
  • 11
  • anyone ever implemented something like this? [link](http://msdn.microsoft.com/en-us/library/ms229745(v=vs.110).aspx) MSDN Doc on XML and RSA – bhawkins Apr 18 '14 at 01:34
  • Your question is too broad. Implementing security requires knowing the *specific details* of the system. – Louis Apr 18 '14 at 11:08
  • I am having to make a system Hippa compliant which means every transaction is logged. So I am using xml to store the values of What has changed. The database uses transparent database encryption so the data is protected. This is more of a means to show the history records have not been altered. – bhawkins Apr 18 '14 at 13:43

0 Answers0