Quote:
Originally Posted by ⌥ saumaun ☢
Keep in mind... if you want to implement your own system for this, you have to secure it like CRAZY. If any of the security isn't up to standards and information is leaked, your badge is on the line.
Well, as security is an issue, most of this information is public record. Only the relation of key bits of information to each other is crucial to keep restricted.
Anyone can come to the office and pay $4 and get a copy of any offense report that we have in our system and get 80% or more of this information.
The only thing that is absent from a public copy of a report is stuff like social security numbers and phone numbers (I won't have any use to store social security numbers anyways). Of course the relational information of family and their addresses isn't stored in our system unless their information is related to a specific offense. Everything else is in one of our reports.
I would recommend using SSL for any MySQL server connections and perhaps going an extra step by tunneling it through a VPN: IPsec, Hamachi, OpenVPN, or one of the many other VPN setups out there. Most support gzip compression along with various levels of encryption. I think that would be about as secure as you can get without putting a hefty load on the device.
As far as if the device is stolen or lost, there are several solutions to that too. Lots of free stuff that could be cooked into a ROM, like Smartprotect, remotetracker, etc., or Flexilis Mobile Security, or several other solutions out there that you could use to purge the device, format memory cards, etc.
The local database could also be encrypted and unlocked on application startup with a pass key.
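
An added example, not part of the original post: one way to implement the "unlocked on application startup with a pass key" step, deriving the database key from the pass key so that neither is stored on the device. The function names, the iteration count and the header layout are assumptions; the derived key would be handed to whatever encrypted database layer the application uses.

```python
import hashlib
import hmac
import os

# Assumed work factor; tune it so unlock takes a noticeable fraction of a
# second on the target device.
PBKDF2_ITERATIONS = 600_000
KEY_LEN = 32  # 256-bit database key


def derive_key(pass_key, salt, iterations=PBKDF2_ITERATIONS):
    """Stretch the user's pass key into a fixed-length database key."""
    return hashlib.pbkdf2_hmac(
        "sha256", pass_key.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def _check_value(key):
    # A keyed digest over a fixed label lets the app detect a wrong pass key
    # without storing the key or the pass key itself.
    return hmac.new(key, b"db-key-check-v1", hashlib.sha256).digest()


def enroll(pass_key, iterations=PBKDF2_ITERATIONS):
    """Run once when the local database is created; returns the header
    (salt, iteration count, check value) to store beside the database."""
    salt = os.urandom(16)  # random per device, so keys differ between devices
    key = derive_key(pass_key, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": _check_value(key)}


def unlock(pass_key, header):
    """Run at application startup. Returns the database key, or None when
    the pass key is wrong."""
    key = derive_key(pass_key, header["salt"], header["iterations"])
    if not hmac.compare_digest(_check_value(key), header["check"]):
        return None
    return key


if __name__ == "__main__":
    hdr = enroll("constructed sample pass key")
    print("unlocked" if unlock("constructed sample pass key", hdr) else "denied")
    print("unlocked" if unlock("wrong guess", hdr) else "denied")
```

A lost device then holds only the salt, the iteration count and the check value, so recovering the database key still requires guessing the pass key at the cost of the full key derivation per guess.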