Well, I'm not an expert on security, but I don't think this is a database issue. It is really a file/operating system issue. I don't think you can do anything in the database against copying the files. If somebody has access on file system level, the dbms is powerless. So I think you need to think about the OS. Stefan
Am Wednesday 26 November 2003 14:22 schrieb Curley, Thomas: > thanks for reply - the requirement comes from a security audit - so try to > think in terms of a hacker > > Obviously and (I had assumed) > 1. - the files would have tight unix security file permissions applied > 2. - indeed the key would be stored on an internal tightly managed box (or > device) > > Another Assumption > ------------------ > Encrypting / decrypting all data on the fly would be too expensive and > grind the app to a halt > > So the question again :- > > Any ideas on how to avoid having data files stored with absolutely no > protection against copying ???? > > > If there is no solution to this then MySql should not be used on internet > accessible boxes for dynamic web sites > > > Thomas > > > > > > > -----Original Message----- > From: Fagyal, Csongor [mailto:[EMAIL PROTECTED] > Sent: 26 November 2003 12:51 > To: Curley, Thomas > Cc: [EMAIL PROTECTED] > Subject: Re: Security Question > > > Thomas, > > >I am trying to find a solution to the following security issue with MySql > > DB on linux > > > >- Someone copies the DB files to another box, starts a mysql instance, > > loads the DB and presto - views the 'private' data !!! > > Well, "someone" should not have access rights to the DB files on the > first hand. > > >Ideally I would like to know if there is any option in MySql to store the > > DB files in a secure format and one that needs a key or similiar to open > > the DB > > If someone was able to access your DB files, he would probably also be > able to access that key (that you must store _somewhere_), wouldn't he? > > - Csongor > > > *************************************************************************** >****************** This email and any attachments are confidential and > intended for the sole use of the intended recipient(s).If you receive this > email in error please notify [EMAIL PROTECTED] and delete it from > your system. Any unauthorized dissemination, retransmission, or copying of > this email and any attachments is prohibited. Euroconex does not accept any > responsibility for any breach of confidence, which may arise from the use > of email. Please note that any views or opinions presented in this email > are solely those of the author and do not necessarily represent those of > the Company. This message has been scanned for known computer viruses. > *************************************************************************** >****************** -- Stefan Kuhn M. A. Cologne University BioInformatics Center (http://www.cubic.uni-koeln.de) Zülpicher Str. 47, 50674 Cologne Tel: +49(0)221-470-7428 Fax: +49 (0) 221-470-7786 My public PGP key is available at http://pgp.mit.edu -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
