On Sun, Mar 21, 2010 at 9:49 PM, mos <mo...@fastmail.fm> wrote:

> At 03:21 PM 3/21/2010, John Daisley wrote:
>
>> Mike,
>>
>> Encrypted filesystems can seriously impact performance of MySQL.
>>
>> It's an entirely different issue to MySQL encryption but one would hope
>> that, if you are going to go to all the trouble of using two part keys and
>> the strongest encryption available in your database, you would also take as
>> much care of your hardware by ensuring that it is kept secure and not left
>> in the hands of an untrustworthy isp, disposed of in an insecure manner or
>> kept in an insecure office.
>>
>
> John,
>
>
>> ensuring that it is kept secure and not left in the hands of an
>> untrustworthy isp, disposed of in an insecure manner or kept in an insecure
>> office
>>
>
>
Jim


> In theory that makes sense. But how would you know your ISP is trustworthy
> and vigilant?
>

Don't store data which is this sensitive on shared servers or servers where
you do not have complete control. If you must keep data like this you should
invest in the hardware needed to keep it secure.

> As many of you already know, the Homeland Security act revoked all
> expectation of privacy for data that is stored on a 3rd party server like an
> ISP. The ISP is obligated to turn over any and all data at the request of a
> federal employee without need for a warrant.  Refusal to comply or if your
> ISP tells you or anyone else the information was released, they are subject
> to a long federal prison sentence.  Not too many ISPs will go up against
> the fed gov't.  E-Bay for instance consistently turns over their customer
> data every month, not only on what items people are buying and selling, but
> also what they are looking at on E-Bay.  Sprint was discovered giving GPS
> data on all of their phone customers to the gov't without telling their
> customers.  Ouch! As a result the gov't knows exactly where you've been
> every minute of the day and who you've been meeting with (provided they also
> had a GPS capable cell phone) because you'll have the same gps coordinates
> at the same time of day.  They also know how long the meeting took place.
> All this without any of the parties making a cell call from the location.
> Clever.
>

These are really issues for consumers not people looking after data and
databases. This is about companies intentionally giving data out. No amount
of database encryption or hardware security is ever going to stop a company
from deciding to share its data.

>
> Have you ever heard of an ISP informing their clients that their site was
> hacked into by an outside source (hacker from another country or one of your
> competitors) and that your data may have been compromised? Of course not.
>  Security breaches happen all the time and your information could be on its
> way to China for all you know, and your ISP  certainly isn't going to tell
> you. There is no such thing as a safe machine running at an ISP.  I would
> definitely store part of the password off the ISP and on a machine that I
> controlled.
>
> I'm really surprised MySQL doesn't have table-wide encryption like so many
> other databases do. This will prevent at least the low to medium level
> hacker from accessing your data. I've used other databases with AES256 with
> no noticeable reduction in speed.
>

You should choose an RDBMS that fits your needs. MySQL has many very good
features but if you need full database encryption then perhaps you should be
looking at using Oracle which has excellent database encryption.

>
> In conclusion, I wouldn't store anything at an ISP that I wouldn't write on
> the back of a postcard (unless it was encrypted). :-)
>

My point exactly, if you have sensitive data, invest in the technology you
need to look after that data, don't rely on someone else to look after it
for you.


> Mike
>
>
>
>
>> -----Original Message-----
>> From: mos <mo...@fastmail.fm>
>> Sent: Sunday, March 21, 2010 3:40 AM
>> To: mysql@lists.mysql.com
>> Subject: RE: MySQL Encryption
>>
>> At 05:54 PM 3/20/2010, John Daisley wrote:
>> >Jim
>> >
>> >In the case of our encrypted data no user, application or script is given
>> >access to the tables in question. Access is only granted via a couple of
>> >stored procedures and to be honest if you didn't know which ones you would
>> >have a hard job finding them as we have hundreds.
>> >
>> >Problem with keeping any part of the key in a place other than the mysql
>> >server is you add complexity and give yourself a whole bunch of new
>> >security concerns as you then have to transmit the 'key part' to the mysql
>> >server over a network.
>> >
>> >For someone to take complete control of our mysql server and compromise
>> >our data they would need to guess a username and password for the box in
>> >under 3 attempts, then guess the root password and then guess a valid
>> >mysql username and password.
>> >
>> >The biggest headache for us, and one which is often overlooked is 'How do
>> >we keep our backups secure'
>>
>> Or they can find your drive in the local swap shop after the ISP retires
>> your drive for a new one. Or if you are doing your own hosting, the local
>> bne artist will do a smash and grab if they find out you have computers in
>> your office. It happens all the time over here, even government offices
>> aren't immune.  Of course if your competitors want your information bad
>> enough, they'll bribe one of the support staff to make an extra backup, or
>> your competitor will hire people to recover your drive. Corporate and
>> intra-country espionage is growing rapidly and is largely unreported by the
>> ISP and the companies that were hit.
>>
>> There are many ways your drive can grow legs and walk out of there. So
>> storing all of the passwords on the drive isn't secure enough, unless the
>> drive itself is encrypted with a password known only to a few people in
>> your company. Never trust the internet service provider to be your only
>> means to protect your data or your drives.
>>
>> Mike
>>
>>
>>
>>
>> >-----Original Message-----
>> >From: Jim <j...@lowcarbfriends.com>
>> >Sent: Friday, March 19, 2010 4:22 PM
>> >To: John Daisley <daisleyj...@googlemail.com>; mysql@lists.mysql.com
>> >Subject: Re: MySQL Encryption
>> >
>> >Thanks for the reply, John.
>> >
>> >What you are describing seems to be the approach I've seen on the few
>> >places I've seen this topic discussed.
>> >
>> >I've been considering something along those lines, essentially a two
>> >part key.
>> >
>> >Part one of the key is made from some data that is in the record I want
>> >to protect and it is different for each record, very much like you suggest
>>
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
>
>
