Automatically encrypting and decrypting data with ColdFusion ORM and annotations

I’m writing an application that uses ColdFusion’s ORM features heavily. Various fields in my database deal with Personally Identifiable Information (PII) and need to be encrypted to meet regulatory requirements. I’ve been mulling over the best way to deal with keeping the data encrypted while in the database but have it be readily usable when loaded into an entity. None of the scenarios that came to mind felt right or could be implemented without an extensive amount of “work-around” code and I just wasn’t willing to go down those paths.

I put the question out to the folks that follow me on Twitter and got a couple of responses, one of which was from Mark Mandel who suggested using annotations. Now, I’ve heard the word annotation mentioned, but had never had the time/opportunity to research what they were or how they were used. That was a few weeks ago and in the meantime, I’d gotten busy focusing on other things and just got around to thinking about the encryption thing again a few days ago. What I found out astonished me.

Read More