Have you considered putting your databases on an encrypted filesystem ? You don't need to add anything to mysql and those filesystems already exist (although I have not yet used them).
Regards, Joseph Bueno mos wrote: > At 08:15 AM 11/18/2002, you wrote: > > > * Alexandre Aguiar > > > On 14 Nov 2002 Fraser Stuart shaped the electrons to write something > > > about [Mysql & Encryption] > > > > > > > We are about to embark on a project that requires data encryption - > > > > mainly to stop sensitive information being viewed accidentally (ie > > > > > > Isnīt it possible to tunnel MySQL connections through ssl? > > > > Yes, but how would that prevent users from viewing the content of the > > tables? The sentence you cut off continues like this: "(ie viewing > tables > > directly through odbc connections or standard mysql clients)." > > > > Encrypting the client/server communication will not help. > > > > What's wrong with using GRANT? > > > > Roger, > Grant becomes almost useless if someone breaks in and steals > your computer(s). Once he gains root access to your machine he can > eventually get to your data. This is more common that you might think. > How many servers are really physically secure? Are they locked up in a > concrete room with round the clock security? A smash and grab can net > someone all your databases in less than 2 minutes. He's out the door > long before the police show up. It is even worse if you have sensitive > MySQL data running on a laptop. Laptops have a tendency of growing legs > and walking off when you turn your back. Am I being paranoid? You bet I > am! That disgruntled employee you fired last week may sell your customer > list to your competitor. He probably had time to copy your database > files on CD-Rom when he was working late one night. > > There is also the security problem of sharing a MySQL database > with an ISP on a shared database server. You have to trust your ISP > administrator, everyone who works there, and every other company who is > using the same database server. Would it surprise you to learn your > major competitor just signed up with your ISP and is running his > "application" on the same shared database server as you are? > > The best way to easily secure your data would be to use table > wide encryption. Several databases use this technique to encrypt > everything in the table (data, indexes, blobs). Even with a file editor, > everything remains scrambled. From the tests I've done with these > databases, this DOES NOT add a performance hit to the database, at least > none that I could measure. This password is known only to the developer. > The ISP would not need to know it. Other companies sharing the same db > server (ISP) would see only scrambled data if they tried to access one > of your tables without the password. > > I'm sure MySQL could have table wide encryption if a client is > willing to fund the project. So if you have some cash and want better > security, talk to MySQL-AB and get the ball rolling. > > Mike > --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php