Hi All,

Here are my two main security issues.

1) (valid) user does a sudo to root and runs "strings <db name>.MYD" - out drops all the sensitive text
2) (clever) user gets hold of the application user/password for MySQL (it's in the app config somewhere) - they run "mysql --user=foo --password=bar" and away they go...

Using GRANT will not stop #1 or #2
Encrypting the comms will not stop #1 or #2
Encrypting the file system may stop #1 but not #2
Encrypting fields will stop #1 & #2 so long as they don't have the key.

Thanks again,
Fraser

_________________________________________________
Fraser Stuart
Logistics IT
77-85            Phone: +61 2 9335 1235
Roberts Rd       Mobile: +61 419 233 732
Greenacre NSW    [EMAIL PROTECTED]
Australia 2190   www.toll.com.au
_________________________________________________

| -----Original Message-----
| From: Roger Baklund [mailto:[EMAIL PROTECTED]]
| Sent: Tuesday, 19 November 2002 1:15 AM
| To: [EMAIL PROTECTED]
| Cc: Alexandre Aguiar; Fraser Stuart
| Subject: Re: Mysql & Encryption
|
|
| * Alexandre Aguiar
| > On 14 Nov 2002 Fraser Stuart shaped the electrons to write something
| > about [Mysql & Encryption]
| >
| > > We are about to embark on a project that requires data encryption -
| > > mainly to stop sensitive information being viewed accidentally (ie
| >
| > Isn't it possible to tunnel MySQL connections through ssl?
|
| Yes, but how would that prevent users from viewing the content of the
| tables? The sentence you cut off continues like this: "(ie viewing tables
| directly through odbc connections or standard mysql clients)."
|
| Encrypting the client/server communication will not help.
|
| What's wrong with using GRANT?
|
| --
| Roger
| sql
|
|
| ---------------------------------------------------------------------
| Before posting, please check:
| http://www.mysql.com/manual.php (the manual)
| http://lists.mysql.com/ (the list archive)
|
| To request this thread, e-mail <[EMAIL PROTECTED]>
| To unsubscribe, e-mail
| <[EMAIL PROTECTED]>
| Trouble unsubscribing?
| Try: http://lists.mysql.com/php/unsubscribe.php
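
The field-encryption option from the list above, as an added example that is not part of the original thread: MySQL's AES_ENCRYPT()/AES_DECRYPT() applied to one column, with the key held only by the application session. The table, column and variable names and all sample values are assumptions made up for illustration; block_encryption_mode and RANDOM_BYTES() need MySQL 5.6.17 or later.

```sql
-- Added example; all names and values are constructed for illustration.
-- Use CBC with a per-row IV instead of the default aes-128-ecb, which
-- would produce identical ciphertext for identical plaintext.
SET SESSION block_encryption_mode = 'aes-256-cbc';

CREATE TABLE customer (
  id         INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       VARCHAR(64)   NOT NULL,  -- NOT encrypted: still visible on disk
  secret_iv  BINARY(16)    NOT NULL,  -- per-row IV, not secret
  secret_enc VARBINARY(96) NOT NULL   -- AES ciphertext only
);

-- The key lives in the application session, never in a table.
-- Constructed demo value; a real key is provisioned outside the DB host.
SET @k  = UNHEX(SHA2('constructed-demo-passphrase', 256));
SET @iv = RANDOM_BYTES(16);

INSERT INTO customer (name, secret_iv, secret_enc)
VALUES ('Constructed Name', @iv,
        AES_ENCRYPT('constructed sensitive text', @k, @iv));

-- Issue #1 and #2 without the key: the data file and any client logged in
-- with the application's MySQL account see only ciphertext bytes.
SELECT id, name, HEX(secret_enc) AS stored_bytes
FROM customer;

-- With the key: plaintext is recovered per row using the stored IV.
SELECT id, name,
       CAST(AES_DECRYPT(secret_enc, @k, secret_iv) AS CHAR) AS secret
FROM customer;

-- With a wrong key AES_DECRYPT() yields NULL or unusable bytes.
SET @wrong = UNHEX(SHA2('some-other-passphrase', 256));
SELECT id,
       AES_DECRYPT(secret_enc, @wrong, secret_iv) AS secret
FROM customer;
```

The protection holds only while the key stays out of reach: if it sits in the same application config as the MySQL password, whoever reads that file has both, and statements that carry the key can end up in the general query log on the server.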