thanks for reply - the requirement comes from a security audit - so try to think in terms of a hacker
Obviously and (I had assumed) 1. - the files would have tight unix security file permissions applied 2. - indeed the key would be stored on an internal tightly managed box (or device) Another Assumption ------------------ Encrypting / decrypting all data on the fly would be too expensive and grind the app to a halt So the question again :- Any ideas on how to avoid having data files stored with absolutely no protection against copying ???? If there is no solution to this then MySql should not be used on internet accessible boxes for dynamic web sites Thomas -----Original Message----- From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] Sent: 26 November 2003 12:51 To: Curley, Thomas Cc: [EMAIL PROTECTED] Subject: Re: Security Question Thomas, >I am trying to find a solution to the following security issue with MySql DB on linux > >- Someone copies the DB files to another box, starts a mysql instance, loads the DB >and presto - views the 'private' data !!! > > Well, "someone" should not have access rights to the DB files on the first hand. >Ideally I would like to know if there is any option in MySql to store the DB files in >a secure format and one that needs a key or similiar to open the DB > > If someone was able to access your DB files, he would probably also be able to access that key (that you must store _somewhere_), wouldn't he? - Csongor ********************************************************************************************* This email and any attachments are confidential and intended for the sole use of the intended recipient(s).If you receive this email in error please notify [EMAIL PROTECTED] and delete it from your system. Any unauthorized dissemination, retransmission, or copying of this email and any attachments is prohibited. Euroconex does not accept any responsibility for any breach of confidence, which may arise from the use of email. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the Company. This message has been scanned for known computer viruses. ********************************************************************************************* -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]