This is both interesting and puzzling.
The only way credit card information can be aquired is through SSL
communication with the user (user enters credit card information which is
used to authorize the transactions, whatever.) Yet, that same process is
not sufficient to comply with PCI DSS requirements to move the card
information from one server to another. Seems illogical since both
transmissions are exposed in the same way.
Thanks,
Carl
----- Original Message -----
From: John Daisley
To: Prabhat Kumar
Cc: Carl ; Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 7:39 AM
Subject: Re: Master - master replication
ssl is not enough for pci dss compliance. If you store credit card
information and are not pci compliant you can be heavily fined and have
your ability to process/accept credit card payments permanently removed.
The storage and transmission of credit card details demands end-to-end
encryption and tokenization. MySQL replication with ssl is not going to
meet the requirements. Probably be easier to write the data to both
servers directly rather than writing to one and then trying to secure
replication to a level demanded by the pci regs.
regards
John
On 24 May 2010 13:23, Prabhat Kumar <aim.prab...@gmail.com> wrote:
I think setting up few more configuration variable in replication
will secure the data in plain text transmission .
#--master-ssl
#--master-ssl-ca
#--master-ssl-capath
#--master-ssl-cert
#--master-ssl-cipher
#--master-ssl-key
http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
Thanks,
On Mon, May 24, 2010 at 6:45 PM, Carl <c...@etrak-plus.com> wrote:
Interesting. How is the best way to protect the information while
using master - master replication on remote sites? (The data contains
the information of children, credit cards and bank accounts.)
Thanks,
Carl
----- Original Message -----
From: John Daisley
To: Carl
Cc: Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 6:47 AM
Subject: Re: Master - master replication
also consider that it is much more likely that remote slaves will
start falling behind particularly if you throw encryption into the
equation.
Regards
John
On 24 May 2010 13:24, Carl <c...@etrak-plus.com> wrote:
Walter,
Don't know how I missed that but it exactly what I needed.
Thanks,
Carl
----- Original Message ----- From: "Walter Heck"
<wal...@openquery.com>
To: "Carl" <c...@etrak-plus.com>
Cc: <mysql@lists.mysql.com>
Sent: Monday, May 24, 2010 5:49 AM
Subject: Re: Master - master replication
Hi Carl,
On Mon, May 24, 2010 at 13:42, Carl <c...@etrak-plus.com> wrote:
1. Is the data visible during transmission?
Not sure what you mean there?
2. Is there a way to encrypt the data during transmission?
MySQL supports SSL encryption of replication. Here's a good
starting
point:
http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
cheers,
Walter Heck
Engineer @ Open Query (http://openquery.com)
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:
http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk
--
John Daisley
Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer
Telephone: +44 (0)7918 621621
Email: john.dais...@butterflysystems.co.uk
--
Best Regards,
Prabhat Kumar
MySQL DBA
Datavail-India Mumbai
Mobile : 91-9987681929
www.datavail.com
My Blog: http://adminlinux.blogspot.com
My LinkedIn: http://www.linkedin.com/in/profileprabhat
--
John Daisley
Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer
Telephone: +44 (0)7918 621621
Email: john.dais...@butterflysystems.co.uk
