At 11:36 AM 5/27/2003, you wrote:


> -----Original Message-----
> From: mos [mailto:[EMAIL PROTECTED]

> I could encrypt certain table fields, but this will make writing the
> front end a pain because all SQL statements will now need to be changed
> any time a new column is encrypted.

It also won't help you any, because the software will have to contain
everything needed to do the decryption.  Unless you can somehow prevent a
hypothetical attacker from getting this software, your encryption is only
going to keep a casual attacker out.  All he has to do is decompile the
software enough to figure out your encryption routine.

Correct, which is why I have a means of compressing and *encrypting* the .exe file. I can also lock it to the person's machine (or server) so it won't fall into the wrong hands.


Generally there's very little you can do to protect data from someone with
physical access to the machine -- unless you can keep it in encrypted form,
and only decrypt it elsewhere, so that the decryption key never passes
through the vulnerable machine.

Other databases that use encryption will decrypt the information when a row is accessed, so there is no unencrypted data lying on the hard drive. It is extremely fast and I don't notice a speed difference between encrypted and unencrypted files. Indexes and blobs are encrypted. Anyone trying to access the data outside of my application will see only gibberish. Anyone trying to decompile my application will see only gibberish and it would take a great deal of effort to crack it.


MySQL relies on OS security and that can be easily circumvented, at least on a Windows box. I'm sure there are some good hacks for Linux as well. And putting sensitive data on a shared MySQL ISP site gives me shivers.<g> Even a dedicated MySQL box has its problems if it is located at an ISP outside of my control. Working with MySQL after working with encrypted databases is a lot like living in a house with no doors and windows. You pretty much have to trust everyone in your neighborhood.

Mike



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
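
The arrangement raised in the thread, where data stays encrypted on the exposed machine and the decryption key never passes through it, sketched as an added example (not code from either poster). It assumes the openssl CLI is installed; the file names and sample value are constructed, and it handles one short field per call because RSA-OAEP with a 2048-bit key and SHA-256 holds at most 190 bytes.

```shell
#!/bin/sh
# Added example: one short field encrypted with RSA-OAEP via the openssl CLI.
# File names and the sample value are constructed for illustration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Shared OAEP settings for every pkeyutl call below.
oaep() {
    openssl pkeyutl "$@" -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# Trusted machine, run once: private.pem stays here; public.pem is the
# only key copied to the database host.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/private.pem" 2>/dev/null
    openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"
}

# Database host: encrypts with the public key and prints base64 text
# that can be stored in a TEXT or BLOB column.
encrypt_field() {
    printf '%s' "$1" | oaep -encrypt -pubin -inkey "$WORK/public.pem" |
        openssl base64 -A
}

# Trusted machine only: needs private.pem.
decrypt_field() {
    printf '%s' "$1" | openssl base64 -d -A |
        oaep -decrypt -inkey "$WORK/private.pem"
}

# Everything a copy of the database host has to work with: the
# ciphertext and public.pem. openssl refuses to decrypt with it.
decrypt_on_db_host() {
    printf '%s' "$1" | openssl base64 -d -A |
        oaep -decrypt -pubin -inkey "$WORK/public.pem" 2>/dev/null
}

make_keypair
ct=$(encrypt_field "4111-1111-1111-1111")   # constructed sample value
echo "stored in column: $(printf '%s' "$ct" | cut -c1-32)..."
echo "trusted machine:  $(decrypt_field "$ct")"
if decrypt_on_db_host "$ct" >/dev/null; then
    echo "database host:    decrypted (unexpected)"
else
    echo "database host:    cannot decrypt, no private key present"
fi
```

Because OAEP is randomized, the same value encrypts to a different ciphertext each time, so such a column cannot be indexed or matched with `=`.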


