Re: How to secure a MySQL database from people with physical acce ss
On Tue, May 27, 2003 at 03:43:14PM -0500, mos wrote: Correct, which is why I have a means of compressing and *encrypting* the .exe file. I can also lock it to the person's machine (or server) so it won't fall into the wrong hands. All such methods have been broken. If they weren't, the major software companies would all be using them to prevent cracking ... remember that the EXE has to decrypt itself. Usually it contains an obfuscated series of jumps that decrypt its image in memory while at the same time changing word offsets within the image so the decompile looks wrong from within a debugger. A couple anti-tracing measures and it makes it pretty hard to reverse- engineer, but people still do it. Other databases that use encryption will decrypt the information when a row is accessed, so there is no unencrypted data lying on the hard drive. It is extremely fast and I don't notice a speed difference between encrypted and If I were going to trust anything to be secure, it would involve data that was encrypted to the public keys of the users who deserve access *before* being sent to the database for storage. This of course prevents the use of indexing. Anything else has the problems others have mentionned. -- Michael T. Babcock CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) http://www.fibrespeed.net/~mbabcock/ pgp0.pgp Description: PGP signature
RE: How to secure a MySQL database from people with physical acce ss
-Original Message- From: mos [mailto:[EMAIL PROTECTED] I could encrypt certain table fields, but this will make writing the front end a pain because all SQL statements will now need to be changed any time a new column is encrypted. It also won't help you any, because the software will have to contain everything needed to do the decryption. Unless you can somehow prevent a hypothetical attacker from getting this software, your encryption is only going to keep a casual attacker out. All he has to do is decompile the software enough to figure out your encryption routine. Generally there's very little you can do to protect data from someone with physical access to the machine -- unless you can keep it in encrypted form, and only decrypt it elsewhere, so that the decryption key never passes through the vulnerable machine. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: How to secure a MySQL database from people with physical acce ss
At 02:22 PM 5/27/2003, you wrote: -Original Message- From: mos [mailto:[EMAIL PROTECTED] Correct, which is why I have a means of compressing and *encrypting* the .exe file. I don't understand how this helps... The EXE file has to contain a complete decryption routine or it can't be executed. So all the person has to do is decompile the decryption routine, and then run the reverse-engineered routine against the program. Alternatively, they can use a debugger and put a breakpoint in at the end of the decryption routine. This sort of stuff does help against a casual attacker, but you always have to keep in mind that you aren't really making the software secure, just raising the energy barrier. It's a bit like the door locks on your car. They'll keep curious people out, but a determined thief will just break a window. The software encryption resists attacks like that. It may not be 100% effective, but it will make it a tough nut to crack. Yes, I am raising the bar. Most people know how to copy files onto diskettes, or email them to a friend. Not that many know how to hack an encrypted program or an encrypted database. So if I eliminate 99.9% of the attackers, I've eliminated a large portion of the threat. Over 50% of computer break-ins are done by internal employees, and by securing the software and database it will greatly reduce the number of successful attacks. It's a bit like the door locks on your car. They'll keep curious people out, but a determined thief will just break a window. Exactly. Do you lock your car when it is on the street? Why? If you're right, someone will only break the window and drive off with it anyway. So leave it unlocked and the keys in it. That way the thief won't rip out the ignition or break a window. After all, he's going to get in anyway, right? Well, the more barriers there are for the thief (or snoop) to overcome, the more likely he will go somewhere else. Mike P.S. Where'd you say you parked your car? :) -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: How to secure a MySQL database from people with physical acce ss
At 11:36 AM 5/27/2003, you wrote: -Original Message- From: mos [mailto:[EMAIL PROTECTED] I could encrypt certain table fields, but this will make writing the front end a pain because all SQL statements will now need to be changed any time a new column is encrypted. It also won't help you any, because the software will have to contain everything needed to do the decryption. Unless you can somehow prevent a hypothetical attacker from getting this software, your encryption is only going to keep a casual attacker out. All he has to do is decompile the software enough to figure out your encryption routine. Correct, which is why I have a means of compressing and *encrypting* the .exe file. I can also lock it to the person's machine (or server) so it won't fall into the wrong hands. Generally there's very little you can do to protect data from someone with physical access to the machine -- unless you can keep it in encrypted form, and only decrypt it elsewhere, so that the decryption key never passes through the vulnerable machine. Other databases that use encryption will decrypt the information when a row is accessed, so there is no unencrypted data lying on the hard drive. It is extremely fast and I don't notice a speed difference between encrypted and unencrypted files. Indexes and blobs are encrypted. Anyone trying to access the data outside of my application will see only gibberish. Anyone trying to decompile my application will see only gibberish and it would take a great deal of effort to crack it. MySQL relies on OS security and that can be easily circumvented, at least on a Windows box. I'm sure there are some good hacks for Linux as well. And putting sensitive data on a shared MySQL ISP site gives me shivers.g Even a dedicated MySQL box has its problems if it is located at an ISP outside of my control. Working with MySQL after working with encrypted databases is a lot like living in a house with no doors and windows. You pretty much have to trust everyone in your neighborhood. Mike -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
