If your client is that paranoid, you could always set up a separate internal
LAN with no connection to the outside world.  That's what my previous
company did.



----- Original Message -----
From: "Sergei Golubchik" <[EMAIL PROTECTED]>
To: "msquared" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 20:39
Subject: Re: Database/table encryption


> Hi!
>
> On Feb 01, Tõnu Samuel wrote:
> > msquared wrote:
> > >
> > > I'm working for a company that has a paranoid client, and the client
> > > wants their database to be 'secure'.
> > >
> > > By 'secure' they mean that even if someone gains root access on the
> > > server, the data in the database can't be compromised (obtained).
> > >
> > > I can think of a couple of ways to do this, but I don't know if
> > > they're practical.
> > >
> > > The first is to have MySQL store the tables and such in an encrypted
> > > fashion, at the file layer.
> > >
> > > Can anyone else offer any alternative suggestions, or some guidance?
> > >
> >
> > Most standard way is probably having encrypted filesystems support in
> > kernel (http://www.linuxi.org) and then having MySQL databases on it. I
> > do not believe in too big security when intruder already has root but
> > encryption will anyway help.
> >
>
> A note about too big security:
>
> If they want MySQL to send decrypted data to client, then
> intruder (having root) would be able to read them from memory anyway.
>
> If they want the client to handle the encryption, there's no
> need for encrypted filesystem - all the crypto is done by
> client.
>
> Not that I wanted to say that encrypted filesystem is useless... :-)
> Reading decrypted data from memory is more complex task indeed.
>
> Just one has to know the limitations of his solution.
>
> > --
> > MySQL Development Team
> >    __  ___     ___ ____  __
> >   /  |/  /_ __/ __/ __ \/ /   Tonu Samuel <[EMAIL PROTECTED]>
> >  / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
> > /_/  /_/\_, /___/\___\_\___/  Tallinn, Estonia
> >        <___/
>
> Regards,
> Sergei
>
> --
> MySQL Development Team
>    __  ___     ___ ____  __
>   /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <[EMAIL PROTECTED]>
>  / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
> /_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
>        <___/
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php


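The client-side option raised in the quoted reply ("all the crypto is done by client"), as an added example that is not part of the original thread: the client encrypts each field before it reaches the database, so someone with root on the server reads only ciphertext. The cipher (AES-256-GCM), the `customers`/`card` names, the helper functions and the in-memory `serverRows` map standing in for a MySQL table are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: the key lives only on the client, never on the database server.
const clientKey = crypto.randomBytes(32);

// Encrypt one field with AES-256-GCM. Table, column and row id are bound in as
// associated data, so a stored value cannot be moved to another row unnoticed.
function encryptField(key, table, column, rowId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${table}.${column}#${rowId}`));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]); // iv(12) | tag(16) | ciphertext
}

function decryptField(key, table, column, rowId, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${table}.${column}#${rowId}`));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext, the tag or the row binding does not match.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the server's table: everything in this map is what
// an intruder with root on the database host can read or rewrite.
const serverRows = new Map();

function clientInsert(rowId, cardNumber) {
  serverRows.set(rowId, encryptField(clientKey, 'customers', 'card', rowId, cardNumber));
}

function clientSelect(rowId) {
  return decryptField(clientKey, 'customers', 'card', rowId, serverRows.get(rowId));
}

// Constructed sample data.
clientInsert(1, '4111-1111-1111-1111');
clientInsert(2, '5500-0000-0000-0004');
```

A limitation of this approach: the server can no longer index, compare or search the encrypted column, because it only ever sees opaque bytes.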
