The Role of Encryption in Securing Mendix Data
Data is one of the most crucial organizational assets. Therefore, you must secure it at all costs because a security breach can jeopardize your business operations and integrity. Mendix is a Low-Code Solutions platform designed with security in mind. Your Mendix data and applications are secured via advanced security protocols throughout the development lifecycle, from ideation through release and maintenance.
One strategy used to secure Mendix data is encryption. It prevents unauthorized attempts to access your company or customer data stored in and transferred via the Mendix app. So, whether your data is at rest or in transit, the Mendix platform encrypts it out of the box. But what is encryption? How does Mendix encrypt data to ensure it is secure? And what is the role of encryption in securing data? Let’s find out.
What is Encryption?
Encryption involves data scrambling to ensure that only authorized persons can understand it. Technically, it converts human-readable text (plaintext) to indecipherable text (ciphertext). Encryption is a security measure to ensure only the intended party accesses and understands the data involved.
Encryption involves using a cryptographic key, a collection of complex mathematical values on which the sender and recipient of the encrypted message(s) agree. While the ciphertext (encrypted data) seems random and unpredictable, encryption proceeds in a predictable, logical way, enabling the recipient to decrypt the data using the right cryptographic key.
Secure encryption uses keys complex enough that a third party is unlikely to break or decrypt the ciphertext using brute force, which involves guessing the cryptographic key. With Mendix, you can encrypt data at rest or in transit. This ensures that Mendix data is secure, even when transmitted to third parties through APIs.
How Can I Encrypt Mendix Data?
Mendix provides an Encryption module available from the Mendix Marketplace, which you can download and use to encrypt your application data. This module takes care of two encryption needs:
- Plain Text Encryption
This type of encryption is often used for passwords and other sensitive textual data handled by your Mendix application. Plain text encryption uses the Advanced Encryption Standard (AES) algorithm. In this case, the cryptographic key used for encrypting your Mendix data is defined as a constant and stays on the application server.
Common Use Cases
Plain text encryption is commonly used when a module or application consumes a service where a username and password are needed. In this case, you should store at least the password in an encrypted format in the database.
Configuration
A little configuration is required to set up plain text encryption in the Encryption module. The configuration steps involved include the following:
- Establish the EncryptionKey Constant in the Private – String en/decryption folder. Ensure your key has at least 16 characters. However, if you’re using version 2.2.0, make the key 32 characters long, as the key length was extended from 128 to 256 bits.
- Define the EncryptionPrefix Constant in the Private – String en/decryption folder. The value of the EncryptionPrefix constant will depend on the Encryption module version. If you’re using version 2.2.0 and above, set your constant to {AES3}. However, for versions 1.4.1 to 2.1.3, set it to {AES2}.
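The following check is an added example, not code from Mendix or the Encryption module: it validates the two constants against the version rules listed above and classifies stored credential values so plaintext or older-prefix entries can be found. The function names are hypothetical, and it assumes that stored encrypted strings begin with the configured prefix; the sample values are constructed.

```python
import re

def expected_settings(module_version):
    """(prefix, key length in characters) the article gives for a module version."""
    v = tuple(int(part) for part in module_version.split("."))
    if v >= (2, 2, 0):
        return "{AES3}", 32          # 256-bit key
    if (1, 4, 1) <= v <= (2, 1, 3):
        return "{AES2}", 16          # 128-bit key
    raise ValueError(f"no documented settings for version {module_version}")

def check_constants(module_version, encryption_key, encryption_prefix):
    """Return findings for EncryptionKey/EncryptionPrefix; empty list means consistent.
    Findings never echo the key itself, only its length."""
    prefix, key_chars = expected_settings(module_version)
    findings = []
    if encryption_prefix != prefix:
        findings.append(f"EncryptionPrefix {encryption_prefix!r} should be {prefix!r}")
    n = len(encryption_key)
    if key_chars == 32 and n != 32:
        findings.append(f"EncryptionKey has {n} characters, expected 32")
    elif key_chars == 16 and n < 16:
        findings.append(f"EncryptionKey has {n} characters, expected at least 16")
    return findings

# Assumption: stored encrypted strings start with the configured prefix.
ANY_PREFIX = re.compile(r"^\{AES\d*\}")

def classify_stored_value(value, current_prefix):
    """Label a stored credential as 'current', 'older-prefix' or 'plaintext'."""
    if value.startswith(current_prefix):
        return "current"
    if ANY_PREFIX.match(value):
        return "older-prefix"
    return "plaintext"

if __name__ == "__main__":
    # Constructed sample values, not real keys or ciphertexts.
    print(check_constants("2.2.0", "k" * 16, "{AES2}"))
    rows = ["{AES3}c2FtcGxl", "{AES2}c2FtcGxl", "not-encrypted-sample"]
    for i, row in enumerate(rows):
        print(i, classify_stored_value(row, "{AES3}"))
```

Values reported as plaintext or older-prefix are the ones to re-encrypt with the current constants.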
Limitations
The major limitation of plain text encryption is that it currently supports only the AES algorithm.
- FileDocument Encryption
FileDocument encryption allows you to encrypt photos and files using the Pretty Good Privacy (PGP) algorithm. In this case, the cryptographic key used for symmetric encryption is encapsulated in the encrypted file content. Also, the certificate used for asymmetric encryption of the symmetric key is stored in the application’s database.
Common Use Cases
One common use case of the FileDocument encryption approach is when an application or module stores a customer’s sensitive documents like images. In such an instance, you may want to encrypt these documents to ensure only the owners can view them.
Configuration
There is no configuration required to implement FileDocument encryption. However, you should upload or generate certificates upfront through the CertificateManagement page.
What Role Does Encryption Play in Securing Mendix Data?
Encryption plays a critical role in securing Mendix data by helping it achieve the objectives of the CIA Triad, which are the foundations of data security. These roles include the following:
Confidentiality
Encryption ensures unauthorized parties cannot read or access the data stored or transmitted via Mendix apps. This is because it transforms your data into ciphertext, which can only be understood by a party with the correct decryption key. Therefore, it helps protect sensitive data from unauthorized access, ensuring it remains confidential between the sender and the recipient.
Integrity
Encryption helps maintain the integrity of Mendix data. Using security techniques like message authentication codes (MACs) and digital signatures, encryption verifies that data hasn’t been altered or tampered with at rest or in transit. Any unauthorized modification would cause the decryption process to fail, alerting you to possible attempts to modify the data.
Authenticity
Encryption is used to verify the originality of data in Mendix apps. Public Key Infrastructure (PKI) and digital certificates are used to authenticate the identity of data senders and recipients. This ensures that the data is from the intended trusted source and has not been interfered with.
Additionally, Mendix supports several encryption standards, including AES for data at rest and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for data in transit. These encryption solutions help secure your Mendix data from unauthorized modification, access, or interception. As a result, they improve the overall security of Mendix data and applications.
Final Thoughts
Encryption plays a vital role in securing Mendix data. Mendix provides encryption solutions, including an Encryption module, which you can use to secure your data. Also, this low-code development platform supports different encryption standards, including TLS, AES, and SSL, to protect Mendix data at rest and in transit.
However, encryption is just one aspect of securing Mendix data. You should consider other security measures like authentication, monitoring, and access controls. Combining these measures with encryption ensures comprehensive data security in Mendix applications.