Thanks for the reply - the requirement comes from a security audit - so try to think in
terms of a hacker
Obviously and (I had assumed)
1. the files would have tight unix security file permissions applied
2. indeed the key would be stored on an internal tightly managed box (or device)
Another Assumption
------------------
Encrypting / decrypting all data on the fly would be too expensive and grind the app
to a halt
So the question again :-
Any ideas on how to avoid having data files stored with absolutely no
protection against copying ????
If there is no solution to this then MySQL should not be used on internet accessible
boxes for dynamic web sites
Thomas
-----Original Message-----
From: Fagyal, Csongor [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 12:51
To: Curley, Thomas
Cc: [EMAIL PROTECTED]
Subject: Re: Security Question
Thomas,
>I am trying to find a solution to the following security issue with MySQL DB on Linux
>
>- Someone copies the DB files to another box, starts a mysql instance, loads the DB
>and presto - views the 'private' data !!!
>
>
Well, "someone" should not have access rights to the DB files on the
first hand.
>Ideally I would like to know if there is any option in MySQL to store the DB files in
>a secure format and one that needs a key or similar to open the DB
>
>
If someone was able to access your DB files, he would probably also be
able to access that key (that you must store _somewhere_), wouldn't he?
- Csongor