Re: Data security - help required

2007-05-15 Thread Chris

Ratheesh K J wrote:

> Hello all,
>
> I have a requirement of maintaining some secret information in the database.
> And this information should not be visible/accessible to any other person but
> the owner of the data.
> Whilst I know that encryption/decryption is the solution for this, is there
> any other level of security that I can provide to this?
>
> Which is the best security technique used in MySQL to store secret information?
>
> PS: Even the database admin should not be able to access anybody else's
> information


Then you're stuffed - *someone* has to be able to see everything so you 
can do a mysqldump.


*Someone* has to be able to see everything so you can grant permissions 
to the other users too :)



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]



Re: Data security - help required

2007-05-15 Thread Ratheesh K J
Ok.. Will it be secure if the data is encrypted? mysqldump will show 
encrypted data, right?
Actually I want to know what is the best practice for such applications. Can 
I say that encryption alone is sufficient to secure my data? Or is there any 
other strategy used for data protection?



Re: Data security - help required

2007-05-15 Thread Mike van Hoof

Well,

you can save all data encoded in the database:
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encode

- Mike




Re: Data security - help required

2007-05-15 Thread Chris

Ratheesh K J wrote:
> Ok.. Will it be secure if the data is encrypted? mysqldump will show
> encrypted data, right?


mysqldump will show whatever the database table does - it just grabs 
that info and puts it into a file. If it's encrypted in the table, 
that's what mysqldump will show.


> Actually I want to know what is the best practice for such applications.
> Can I say that encryption alone is sufficient to secure my data? Or is
> there any other strategy used for data protection?


You could create views for the queries you need, revoke access to the 
base table and only grant access to the views instead.


http://dev.mysql.com/doc/refman/5.0/en/views.html

Whether that helps or not depends on what you're trying to protect, and 
what you're trying to stop happening.






Re: Data security - help required

2007-05-15 Thread Mogens Melander

On Tue, May 15, 2007 11:12, Chris wrote:
> Ratheesh K J wrote:
>> Hello all,
>>
>> I have a requirement of maintaining some secret information in the
>> database. And this information should not be visible/accessible to any
>> other person but the owner of the data.
>> Whilst I know that encryption/decryption is the solution for this, is
>> there any other level of security that I can provide to this?
>>
>> Which is the best security technique used in MySQL to store secret
>> information?
>>
>> PS: Even the database admin should not be able to access anybody else's
>> information
>
> Then you're stuffed - *someone* has to be able to see everything so you
> can do a mysqldump.
>
> *Someone* has to be able to see everything so you can grant permissions
> to the other users too :)

Well, doing encryption in user-interface (PHP mcrypt) using a password
not stored in app. or db would hide information pretty good.

-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224






Re: Data security - help required

2007-05-15 Thread Brent Baisley
The only way to keep the data secure so ONLY the user can see it, is to have the user come up with a pass phrase that is used to 
encrypt the data. That pass phrase should not be stored in the database or on any of your systems. For them to see the data, they 
need to enter the proper pass phrase. If an incorrect one is entered, the data is decrypted incorrectly and will look like garbage.
That said, if they forget the pass phrase, there is nothing that can be done. Their data is as good as lost. No forgot password 
mechanism in this setup.


You can't prevent access to the encrypted data, since at the very least the programmer needs access to it so it can be presented to 
the user.





Re: Data security - help required

2007-05-15 Thread David T. Ashley

On 5/15/07, Ratheesh K J [EMAIL PROTECTED] wrote:


> Hello all,
>
> I have a requirement of maintaining some secret information in the
> database. And this information should not be visible/accessible to any other
> person but the owner of the data.
> Whilst I know that encryption/decryption is the solution for this, is
> there any other level of security that I can provide to this?
>
> Which is the best security technique used in MySQL to store secret
> information?
>
> PS: Even the database admin should not be able to access anybody else's
> information



mcrypt is the right way to go.

The security goals as you've stated them are quite hard to accomplish.  For
example, if the data is that sensitive and if a traditional block cipher is
used, the key has to be hanging around somewhere in order to encrypt the
data.

Public/private key encryption would solve this issue.  I have not
investigated whether mcrypt supports this.  But in any case the public key
would be used to encrypt the data going into the database, and the private
key would be used to examine the data.
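
The pass-phrase approach raised earlier in the thread (encrypt outside the database with a pass phrase that is stored nowhere), as an added example that is not code from any poster. Assumptions: Python's standard library only, an HMAC-SHA256 counter-mode keystream standing in for AES-GCM, an in-memory SQLite table standing in for the MySQL table, and hypothetical names throughout. It goes one step beyond the thread by adding an integrity tag, so a wrong pass phrase is rejected instead of yielding garbage.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor; an assumed value, tune for your hardware

def derive_keys(passphrase, salt):
    """Stretch the pass phrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for AES-CTR/GCM."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(passphrase, plaintext):
    """Return salt || nonce || ciphertext || tag, the only value the database stores."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    body = salt + nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(passphrase, blob):
    """Decrypt, or raise ValueError on a wrong pass phrase or a modified row."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, body[:16])
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong pass phrase or modified data")
    return xor(body[32:], keystream(enc_key, body[16:32], len(body) - 32))

def stored_row(passphrase, secret):
    """Write one sealed value and read it back as a DBA or a dump would see it."""
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL table
    db.execute("CREATE TABLE secrets (owner TEXT PRIMARY KEY, sealed BLOB)")
    db.execute("INSERT INTO secrets VALUES (?, ?)", ("alice", seal(passphrase, secret)))
    return db.execute("SELECT sealed FROM secrets WHERE owner = 'alice'").fetchone()[0]

if __name__ == "__main__":
    row = stored_row("correct horse battery", b"constructed sample secret")
    print(row.hex())                             # all that a dump of the table reveals
    print(unseal("correct horse battery", row))  # the owner recovers the plaintext
```

In production the keystream stand-in would be replaced by a vetted AEAD such as AES-GCM from a maintained library; the key handling stays the same.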