Design Pattern: Passwords and sensitive data

By Bogdana Botez at Microsoft Development Center Copenhagen

This pattern is supported starting from Microsoft Dynamics NAV version 2016.

Abstract

Protect data like passwords, social security numbers, credit card numbers etc by encrypting it and by placing it in a single table with restricted access.

Passwords and Sensitive Data Design Pattern

Problem statement

When sensitive data is stored inside the Dynamics NAV database, if it is negligently handled, it can render it vulnerable. Particularly, the location, access and the state of the data are critical.

Imagine that instead of storing credit cards in a wallet, they would be scattered around in your surroundings: inside cloth, in the furniture, some even in plain sight. How easy would it be to accidentally misplace or have someone misuse a credit card? The statement is valid for sensitive electronic data, like passwords, personal IDs, credit card numbers – they are easier to manage, if stored in one place.

We could store sensitive data in a single place, an electronic “wallet”, but then forget to control who has access to it. If multiple entities can alter the “wallet”, then what is the guarantee that all of them will handle it correctly?

Supposed this problem is solved too. Now we store passwords in a single place, and we only access them through a safely written API. But the passwords are unencrypted, so a breach on the database would immediately expose them to the outside party.

Read more on the NAV design patterns wiki…