Hi!
On Feb 01, Tõnu Samuel wrote:
> msquared wrote:
> >
> > I'm working for a company that has a paranoid client, and the client wants
> > their database to be 'secure'.
> >
> > By 'secure' they mean that even if someone gains root access on the
> > server, the data in the database can't be compromised (obtained).
> >
> > I can think of a couple of ways to do this, but I don't know if they're
> > practical.
> >
> > The first is to have MySQL store the tables and such in an encrypted
> > fashion, at the file layer.
> >
> > Can anyone else offer any alternative suggestions, or some guidance?
> >
>
> The most standard way is probably having encrypted filesystem support in
> the kernel (http://www.linuxi.org) and then having MySQL databases on it. I
> do not believe in too big security when an intruder already has root, but
> encryption will help anyway.
>
A note about too big security:
If they want MySQL to send decrypted data to the client, then an
intruder (having root) would be able to read it from memory anyway.
If they want the client to handle the encryption, there's no
need for an encrypted filesystem - all the crypto is done by the
client.
Not that I wanted to say that an encrypted filesystem is useless... :-)
Reading decrypted data from memory is a more complex task indeed.
One just has to know the limitations of one's solution.
> --
> MySQL Development Team
> __ ___ ___ ____ __
> / |/ /_ __/ __/ __ \/ / Tonu Samuel <[EMAIL PROTECTED]>
> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
> /_/ /_/\_, /___/\___\_\___/ Tallinn, Estonia
> <___/
Regards,
Sergei
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/