The general manager is getting concerned about how we're encrypting data
in our databases (all sensitive data is encrypted in the database, with
tight access restrictions and so on), and asked me to look at further
options, giving me the following url:
http://blog.gazzang.com/out-of-the-box-data-security-for-mysql/
It rather reads almost like snake-oil to me, or at least solving the
problem at the wrong level. If it operates between storage engine and
file system so it's transparent to clients connecting to it... surely
all anyone needs to do is then connect to a suitable machine and just
dump the MySQL data? Given the data is on servers inside a datacenter
at a bank processing facility, and behind all their security, if someone
has either gained root or physical access, I'm assuming the technology
would be fairly moot.
Disturbingly the one review I see for it is over on a rackspace page
where someone is glad it's stopping credit card details from being
visible to root users on the machine... so presumable well done to him
storing cc details in the database unencrypted.
I'm going to see if I can get a trial version and play a game of 'dodge
the salesman', but I was wondering if anyone has any observations about
it, or is using it and willing to share about it?
Paul
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
