At 12:31 PM 10/26/2007, you wrote:
[EMAIL PROTECTED] wrote:
mos wrote:
The data is quite valuable because there is a lot of competition in this
particular marketplace and my competitors would like to get their hands
on it. I've spent 5 years writing the software and generating the data.
Let's say for the sake of argument the data is worth $1 million. How do
I stop my competitor from bribing some flunky at the ISP into turning
over the backup of my data or just e-mailing the MySQL password file to
him? Also I don't want anyone at the ISP viewing the data or changing it
because I'd be liable for any data errors.
Host the machines in-house. I think that could be done for less than a
million bucks for a smallish setup.
Of course, I've only ever been a bystander with that sort of project, so
the figures may be a lot higher than I'm guessing. For instance, you'd
want a beefy connection installed, of course. And then there's the salary
for someone to administer to everything.
I agree. If you're using shared hosting, forget about encryption.
Physical access to the machines ALWAYS trumps every other kind of
security, so you can't do what you're trying to do (secure data in an
insecure environment).
Out of curiosity, why can't you use an ISP if the table is encrypted on a
dedicated server (using a database other than MySQL, say SQLite)? The pw
would be entered via VPN and is not stored in memory or in any file. The
data on disk is always encrypted and the selected rows are only decrypted
in memory on the fly. The ISP administrator never sees the pw or the
unencrypted data.
Rent a T1 line for $500/mo and charge customers what the data is worth.
Yes, that will solve the problem. I'd have to incur more up front costs but
security would be under my control.
Mike
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
