On Friday 11 February 2005 11:52, love wrote:
> There is not something secret to be stored but the idea is to encrypt
> customer credit card information so it is not available to unauthorized
> users but key cannot be stored in source code as anybody who can hack
> databases to pull out the information can also hack key from source
> code, so make the risk 0% I wanted to know where to store the key but
> now James Black has suggested to pass the key on application startup and
> not to store on disk which is a good idea and will try to implement that.
>
> Thanks everyone for your help.
>
> Love ..
>
Nevertheless you should be aware that the information is travelling unencrypted between the mysql client and server unless you're using SSL tunneling or similar techniques.

Additionally, as long as your mysql server is running, data is also accessible unencrypted by, let's say, an attacker (if permissions are not set correctly or any security exploit exists) even if you pass the key at startup.

Before modifying mysqld code you should consider using a crypto filesystem to store your tables on.

Bernhard

--
____________________________________________________________________
Bernhard Fischer [EMAIL PROTECTED]
Telekommunikation und Medien
Fachhochschule St. Pölten/St. Poelten University of Applied Sciences
Herzogenburger Straße 68 | 3100 St. Pölten | +43 (0) 2742 313228 48