Auch, thanks for pointing that out, what a terrible mistake.
I am aware of the performance issue, and so is the customer. But with a
table that's only going to hold maximally 60.000 records in 10 years,
I'm not afraid it'll cause significant problems. If it gets out of hand
we'll have to think
Hi John,
OK, no conspiracy here. Here is your problem:
25 $qry = sprintf("SELECT id, line FROM `encryptietest`
WHERE AES_DECRYPT(`field`, '%') LIKE '%%%s%%'", $enckey, $word);
You are missing the "s" in "%s" for your first string argument, which
causes the query to be syntactic
I put it here:
http://pro.datisstom.nl/tests/bench.tar.bz2
The encryption isn't really a *real* security measure, except for when
somebody is stupid enough to install phpMyAdmin or anything equivalent
and try to get personal data. The problem is the password needs to be
anywhere on the applic
Hi John,
Your attachment for the php code got stripped somewhere. Can you post
it somewhere (http preferable)? In either case it's going to result in
a full table scan, so they are actually both a bad strategy long term,
but they should in theory perform as you would expect, with with
encry
-Original Message-
From: John Kraal [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 23, 2007 8:51 AM
To: mysql@lists.mysql.com
Subject: Query performance plain/text versus AES_DECRYPT(): LIKE %..%
Dear you,
I've been working on encrypting some data for a customer. They want
their per
-marche.com
> -Original Message-
> From: John Kraal [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 23, 2007 8:51 AM
> To: mysql@lists.mysql.com
> Subject: Query performance plain/text versus AES_DECRYPT(): LIKE %..%
>
> Dear you,
>
> I've been worki
Dear you,
I've been working on encrypting some data for a customer. They want
their personal/sensitive information encrypted in the database, but they
want to be able to search it too, through the application. So we've been
thinking a bit, and just started trying and benchmarking some solutions
w