How often do you reboot your database servers?

It also protects if someone hacks into the system and gets root or the
server is physically stolen.


On Wed, Aug 24, 2011 at 23:44, <[email protected]> wrote:

> it only protects against the machine being stolen if the decryption key is
> not also stored on the machine. This would mean that there needs to be a
> manual step (either to enter the key or to unlock the key) every time the
> machine boots. Since nobody does that (everyone wants the machine to boot up
> without requiring a sysadmin login to it) it's snake oil in that case as
> well.
>
> the only time this actually works is if you have the drives remote from the
> system that's using them (in a SAN for example), in which case it can
> protect you from the case where someone steals the drives (or if you don't
> properly wipe the drives when you dispose of them)
>
>
> really, the only thing that this solves is the audit checkbox labeled
> 'database encryption'
>
>
> David Lang
>
>
>
>
>  On Wed, 24 Aug 2011, Singer X.J. Wang wrote:
>
>> Is it snake oil or is it not the solution for your problem? Just because
>> it's not the solution to your problem does not mean it's snake oil and from
>> reading your problem, it is not the solution for you.
>>
>> This is the solution for people who have a box at SoftLayer or RackSpace, or
>> some VMs at Amazon EC2, or a rack at the colo facility themselves. It lets
>> them ensure that if the box/server is compromised or stolen, there is no data
>> leak.
>>
>> Does it provide a valuable service? IMHO Yes. Is it what you need? No.
>>
>> S
>>
>>
>> On Wed, Aug 24, 2011 at 20:38, Paul <[email protected]> wrote:
>>
>>> The general manager is getting concerned about how we're encrypting data in
>>> our databases (all sensitive data is encrypted in the database, with tight
>>> access restrictions and so on), and asked me to look at further options,
>>> giving me the following url:
>>> http://blog.gazzang.com/out-of-the-box-data-security-for-mysql/
>>>
>>> It rather reads almost like snake-oil to me, or at least solving the
>>> problem at the wrong level.  If it operates between storage engine and file
>>> system so it's transparent to clients connecting to it... surely all anyone
>>> needs to do is then connect to a suitable machine and just dump the MySQL
>>> data?  Given the data is on servers inside a datacenter at a bank processing
>>> facility, and behind all their security, if someone has either gained root
>>> or physical access, I'm assuming the technology would be fairly moot.
>>> Disturbingly the one review I see for it is over on a rackspace page where
>>> someone is glad it's stopping credit card details from being visible to root
>>> users on the machine... so presumably well done to him storing cc details in
>>> the database unencrypted.
>>>
>>> I'm going to see if I can get a trial version and play a game of 'dodge the
>>> salesman', but I was wondering if anyone has any observations about it, or
>>> is using it and willing to share about it?
>>>
>>> Paul
>>> _______________________________________________
>>> Tech mailing list
>>> [email protected]
>>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>>>
>>> This list provided by the League of Professional System Administrators
>>> http://lopsa.org/
>>>
>>>
>> --
>> The best compliment you could give Pythian for our service is a referral.
>>
>

--
The best compliment you could give Pythian for our service is a referral.