Does property encryption also encrypt corresponding value in BLOB?
My understanding is that if a property is optimised for reporting, the original unoptimised value remains in the BLOB, and that somehow both values (i.e. the value in the separate column, and the corresponding value in the BLOB) are kept in sync.
Suppose my client chooses to implement property encryption of this property (i.e. via a PropertyEncrypt access control policy listing this property) but not to implement encryption of the entire BLOB.
Since the BLOB is not encrypted, does this mean that the unencrypted value is still present in the BLOB and can still pose a risk of being intercepted by a data thief?
Or does the value in the BLOB somehow get encrypted?
If I encrypt a property but do not encrypt the BLOB, doesn't that leave the un-encrypted value of the same property inside of the BLOB? Ergo: whenever we encrypt a property, do we not also need to encrypt the BLOB?
When a property is optimised its value remains in the BLOB and is copied to the dedicated column on each Obj-Save.
The value exists in two places: in the BLOB and in the dedicated column.
The BLOB value is the 'master': If SQL is used to directly update the value in the dedicated column, it will be overwritten by the value in the BLOB on the next Obj-Save.
And the answer to my question:
With property encryption, both the value in the dedicated column and the value in the BLOB are encrypted (even if you don't implement BLOB encryption). (Also the value on the clipboard is encrypted - which doesn't happen for BLOB encryption).