Ian,
At 09:36 AM 10/26/2007, you wrote:
On 26 Oct 2007 at 9:17, mos wrote:
> I posted this message twice in the past 3 days, and it never gets on the
> mailing list. Why?
> Here it is again:
>
> I have a Text field that contains paragraph text and for security
reasons I
> need to have it encrypted. If I do this, how can I still implement full
> text search on it?
> Also, I have a lot of Float columns that need to be protected but the user
> has to use comparison operators like ">" and "<" on them. Any
recommendations?
Hi,
This is quite a difficult one, and as usual in the field of security
depends on how valuable
the data is and how difficult you want it to be for an attacker to obtain it.
If you let us know what type of data this is and how well it has to be
protected, maybe we
can help more. "security reasons" is a bit vague, but I can understand
that you don't want
to give too much away.
The data is quite valuable because there is a lot of competition in this
particular marketplace and my competitors would like to get their hands on
it. I've spent 5 years writing the software and generating the data. Let's
say for the sake of argument the data is worth $1 million. How do I stop my
competitor from bribing some flunky at the ISP into turning over the backup
of my data or just e-mailing the MySQL password file to him? Also I don't
want anyone at the ISP viewing the data or changing it because I'd be
liable for any data errors.
I can say one thing though, in order for the data to be indexed by MySQL ,
it has to be in
an unencrypted form somewhere in the database. There is no way I know to
get around
this, but I hope someone can correct me :)
I hope so too. :)
There are quite a few databases out there that have transparent encryption
(Blowfish, AES etc.) and I'm wondering why MySQL haven't implemented it,
especially now with the new laws that make the company liable for security
breaches on the web. On the other databases I've used, I haven't noticed
any speed decrease if the table is encrypted.
Mike
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
