Denying Updates

You must design your application code to permit updates to the encrypted properties for a profile only if the global keyIndex value is identical to the keyIndex value that is stored with the profile. If the application code does not include this check, there is a possibility that data will be lost if a single encrypted property was updated in a profile that contained two encrypted properties. When this occurs, and the keyIndex value stored with the property is changed to the new global keyIndex value for the encrypted property that was not updated, the value is lost.

The keyIndex value that is stored in the profile is stored on a per-profile basis, not a per-property basis. Therefore, to insure that the keyIndex is not changed while the Profile Key Manager is running, you must ensure that the online application does not update encrypted properties that have a global keyIndex value that is different from the keyIndex value that is stored with the profile.

Warning

If you fail to deny updates in the application during the key migration process, data may become corrupted during updating when you have multiple encrypted properties for a profile.

See Also

Other Resources

How to Add Encrypted Properties for Profiles

Profiles System Tools

Profile Key Manager

Preparing to Use the Profile Key Manager

Generating a New Encryption Key

Updating the Application Runtime

Updating the Stored Data

Using the Profile Key Manager

Profile Key Manager Command Line Utility Reference

Decrypting Profile Data