I'm working for a company that has a paranoid client, and the client wants
their database to be 'secure'.

By 'secure' they mean that even if someone gains root access on the
server, the data in the database can't be compromised (obtained).

I can think of a couple of ways to do this, but I don't know if they're
practical.


The first is to have MySQL store the tables and such in an encrypted
fashion, at the file layer.


The second is to have the application encrypt the data when storing it in
the database, and decrypt it when retrieving it.  In this case, perhaps
PGP could be used to do the encryption/decryption?

PGP (or GnuPG) would be good, because it would only require a password
from the user when decrypting.  However, I suspect that the overhead in
calling PGP/GnuPG for each record would be prohibitive.  Perhaps there's a
PGP/GnuPG Perl module that doesn't require PGP or GnuPG to be installed?
(i.e., has all code implemented internally, in Perl or C)


Can anyone else offer any alternative suggestions, or some guidance?


             2
Regards, /|/|
        /   |
