Re: Mysql and security?

2001-01-31 Thread msquared 

On Fri, Jan 05, 2001 at 12:10:55AM -0800, Jeremy D. Zawodny wrote:

  Is it possible to make a mysql database safe to publish it via an CD
  so that noone could read it even if he has good knowledges about
  mysql
 
 What good would publishing a database be if nobody can read it?

Perhaps you want to distribute a CD full of databases, and people buy
access to specific databases.  access = password

It means that you don't have to create a different CD for each database,
and therefore don't have to ship multiple CDs.

I know some government department does that with Australian geographical
maps.  They send you the CD, which contains all the maps, but you have to
pay to unlock the maps you need.  Or at least I think that's how it works.
:)

 2
Regards, /|/|
/   |

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Database/table encryption

2001-01-31 Thread msquared 

I'm working for a company that has a paranoid client, and the client wants
their database to be 'secure'.

By 'secure' they mean that even if someone gains root access on the
server, the data in the database can't be compromised (obtained).

I can think of a couple of ways to do this, but I don't know if they're
practical.


The first is to have MySQL store the tables and such in an encrypted
fashion, at the file layer.


The second is to have the application encrypt the data when storing it in
the database, and decrypt it when retrieving it.  In this case, perhaps
PGP could be used to do the encryption/decryption?

PGP (or GnuPG) would be good, because it would only require a password
from the user when decrypting.  However, I suspect that the overhead in
calling PGP/GnuPG for each record would be prohibitive.  Perhaps there's a
PGP/GnuPG Perl module that doesn't require PGP or GnuPG to be installed?
(ie: has all code implemented internally, in Perl or C)


Can anyone else offer any alternative suggestions, or some guidance?


 2
Regards, /|/|
/   |

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php