I don't know if this just a shoot in the wind but heres my configuration.
Everyting to be posted to and from the db is done first threw https: then
I have a VPN set from the actual db to http. From inside the VPN I have it
setup for IPsec. This is about as secure as I possibly know from my
history
thus far.
--
Arnix Security, Inc.
Michael Olden
http://www.arnix.net/
Charles Williams wrote:
> correct. however, as I stated you would need the key to decrypt it in the
> end to be able to use the data. With a slight modification to an md5 or
> sha-1 javascript it could be done. However, if the key is ever comprimised
> you are in trouble.
>
> chuck
>
> ----- Original Message -----
> From: "Elizabeth Alderton" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, August 23, 2001 9:26 AM
> Subject: Re: Data Encryption
>
>
>
>>Dear Chuck
>>
>>Your idea has given me an idea.
>>
>>How about:
>>
>>When we actually collect the data, we encrypt it so that it is actually
>>
> held
>
>>in mysql in an encrypted form? Then it can speed up and down the phone
>>lines in the 'raw' so to speak, but it's still in code so no one can get
>>
> it
>
>>anyway?
>>
>>We wouldn't need SSH or SSL then would we?
>>
>>Or is that too simplistic?
>>
>>Regards
>>
>>Elizabeth
>>-----Original Message-----
>>From: Charles Williams <[EMAIL PROTECTED]>
>>To: Elizabeth Alderton <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
>><[EMAIL PROTECTED]>
>>Date: 22 August 2001 21:30
>>Subject: Re: Data Encryption
>>
>>
>>
>>>I use a random key generating SHA-1 js module for all my encryption for
>>>passwords. You could do something the same using a fixed key system so
>>>
>>that
>>
>>>once it's on the server you can decrypt it. However, I haven't tried it
>>>
>>yet
>>
>>>with SHA-1 so don't know how difficult or sane it would be to try.
>>>
>>>chuck
>>>
>>>----- Original Message -----
>>>From: "Elizabeth Alderton" <[EMAIL PROTECTED]>
>>>To: <[EMAIL PROTECTED]>
>>>Sent: Wednesday, August 22, 2001 6:11 PM
>>>Subject: Data Encryption
>>>
>>>
>>>If I do a SELECT query to bring data down to a PC (this is being done
>>>through Delphi) how can I encrypt the data so that it comes safely?
>>>
>>>Equally when doing UPDATE and INSERT in the other direction I would want
>>>
> to
>
>>>encrypt the data.
>>>
>>>Can anyone help please?
>>>
>>>Regards
>>>
>>>Elizabeth
>>>
>>>
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>Before posting, please check:
>> http://www.mysql.com/manual.php (the manual)
>> http://lists.mysql.com/ (the list archive)
>>
>>To request this thread, e-mail <[EMAIL PROTECTED]>
>>To unsubscribe, e-mail
>>
> <[EMAIL PROTECTED]
> com>
>
>>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>>
>>
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
