Re: Data security - help required

Tue, 15 May 2007 06:17:07 -0700

The only way to keep the data secure so ONLY the user can see it, is to have the user come up with a pass phrase that is used to encrypt the data. That pass phrase should not be stored in the database or on any of your systems. For them to see the data, they need to enter the proper pass phrase. If an incorrect one is entered, the data is decrypted incorrectly and will look like garbage. That said, if they forget the pass phrase, there is nothing that can be done. Their data is as good as lost. No "forgot password" mechanism in this setup.
You can't prevent access to the encrypted data, since at the very least the programmer needs access to it so it can be presented to the user. 


----- Original Message ----- 
From: "Ratheesh K J" <[EMAIL PROTECTED]>

To: <mysql@lists.mysql.com>
Cc: "Chris" <[EMAIL PROTECTED]>
Sent: Tuesday, May 15, 2007 5:19 AM
Subject: Re: Data security - help required



Ok.. Will it be secure if the data is encrypted. mysqldump will show encrypted 
data right.

Actually I want to know what is the best practice for such applications. Can I say that encryption alone is sufficient to secure 
my data. Or is there any other strategy used for data protection?
----- Original Message ----- 
From: "Chris" <[EMAIL PROTECTED]>

To: "Ratheesh K J" <[EMAIL PROTECTED]>
Cc: <mysql@lists.mysql.com>
Sent: Tuesday, May 15, 2007 2:42 PM
Subject: Re: Data security - help required



Ratheesh K J wrote:

Hello all,


I have a requirement of maintaining some secret information in the database. And this information should not be 
visible/accessible to any other person but the owner of the data.
Whilst I know that encryption/decryption is the solution for this, are there any other level of security that I can provide to 
this?


Which is the best security technique used in MySQL to store seceret information.

PS: Even the database admin should not be able to access anybody else's 
information


Then you're stuffed - *someone* has to be able to see everything so you can do 
a mysqldump.

*Someone* has to be able to see everything so you can grant permissions to the 
other users too :)



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]




--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]























					Reply via email to