On Wed, Jul 03, 2002 at 08:06:52PM +0200, Tobias Bengtsson wrote:
> I want to do transparent encryption. Like being able to choose an encryption
> scheme of a table or database when created so that the data on disk is
> always encrypted.
Why don't you just put the tables on an encrypted filesystem? Afraid
root will be able to read them? Somewhere the data will be in
plaintext; root will always be able to get it if she wants (think
about ptracing mysqld).
> I need this as my application doesn't communicate
> directly with the database. I do it via an application called tilde
> (http://tilde.tildesoftware.net), sure I can patch tilde (me and some
> others wrote it), but its not a good solution as I'm sure others need or at
> least want the same thing.
So you want it totally transparent, without any need at all for
changes in the client?
> In the user interface it could be implemented as CREATE:ing the table with
> some extra flags, choosing the encryption algorithm, number of bits etc.
> And when you're asking queries we'll need a new API to be able to send
> passphrases too.
Whoa! This is really transparent, no need to make changes in the
> Or maybe encryption should only be turned on at the
> database level, not the table level, so you just have to pass an extra
> parameter on the mysql_real_connect()-api (the best thing is probably to
> create a new API, called something like mysql_connect_wparams(), taking an
> info-struct containing things like port, host, username, password, database,
> ssl-option etc.) or maybe just use the database password as passphrase for
> the chosen encryption scheme. How strong is the PASSWORD() function? Is it
> just some crypt(3) variant or good shit? Come up with some ideas!
What about different users (hopefully with different passwords) using
the same database?
In what way, other than protecting the database's on-disk files from
being stolen and read, will your proposed change increase the
security? If you are able to steal the on-disk files you are also able
to ptrace mysqld and acquire the data that way. To me it seems a
good way of making oneself just feel secure when in fact it almost
doesn't buy you anything.
> PS. Please CC replies on the internals list to me, as I'm only on the
> general discussion list
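The ptrace point made in the reply above, as an added example that is not part of the thread and not MySQL code. A forked child stands in for mysqld: it loads a (constructed) key into a buffer and idles; the parent plays the role of root, attaches through the PTRACE_TRACEME handshake and copies the key out of the child's address space with PTRACE_PEEKDATA, regardless of how the data is stored on disk. Linux only; the buffer layout, the secret string and the function names are assumptions made for the demo.

```c
/* Added example, not from the original thread: a process that can ptrace the
 * database server can read whatever key or plaintext the server holds in RAM.
 * The "server" is a forked child; the parent is the tracer.  Linux-only. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_LEN 32

/* Global so its address is identical in parent and child after fork().  Only
 * the child ever writes it, so a successful read proves the bytes came from
 * the child's address space, not the parent's own copy. */
static char key_buf[KEY_LEN + sizeof(long)] __attribute__((aligned(sizeof(long))));

/* Constructed demo secret, exactly KEY_LEN bytes long. */
static const char DEMO_SECRET[] = "aes-key:0123456789abcdef01234567";

/* Copy n bytes at address `addr` out of a stopped tracee, one word at a time. */
static int peek_bytes(pid_t pid, const void *addr, char *out, size_t n)
{
    const char *p = addr;
    size_t done = 0;
    while (done < n) {
        errno = 0;
        long word = ptrace(PTRACE_PEEKDATA, pid, (void *)(p + done), NULL);
        if (word == -1 && errno != 0)
            return -1;                      /* EIO/EPERM: address unreadable */
        size_t chunk = n - done < sizeof(long) ? n - done : sizeof(long);
        memcpy(out + done, &word, chunk);
        done += chunk;
    }
    return 0;
}

/* Fork a "server" that puts a key into memory, then read that key out of it
 * as the tracer.  On success returns 0 and leaves the NUL-terminated key in
 * `out` (out_len must be >= KEY_LEN + 1).  Returns -1 if ptrace is refused,
 * e.g. by Yama ptrace_scope=2/3 or a seccomp filter. */
int read_key_from_child(char *out, size_t out_len)
{
    if (out_len < KEY_LEN + 1)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child ("mysqld"): agree to be traced, load the key, then stop. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2);
        memcpy(key_buf, DEMO_SECRET, KEY_LEN);  /* key now in plaintext in RAM */
        raise(SIGSTOP);                         /* ptrace-stop: tracer takes over */
        _exit(0);
    }

    /* Parent ("root"): wait for the stop, then read the child's key_buf. */
    int status;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    if (!WIFSTOPPED(status))
        return -1;                              /* child exited: ptrace refused */

    int rc = peek_bytes(pid, key_buf, out, KEY_LEN);
    out[KEY_LEN] = '\0';

    kill(pid, SIGKILL);                         /* tear the "server" down */
    waitpid(pid, NULL, 0);
    return rc;
}

/* Returns 1 when the key read from the child matches the secret the child
 * loaded while the parent's own key_buf is still empty; 0 otherwise. */
int demo_key_read_matches(void)
{
    char stolen[KEY_LEN + 1];
    if (read_key_from_child(stolen, sizeof stolen) != 0)
        return 0;
    return strcmp(stolen, DEMO_SECRET) == 0 && key_buf[0] == '\0';
}

int main(void)
{
    char stolen[KEY_LEN + 1];
    if (read_key_from_child(stolen, sizeof stolen) != 0) {
        perror("ptrace");
        return 1;
    }
    printf("parent's own key_buf: \"%s\"\n", key_buf);   /* empty */
    printf("read from child:      \"%s\"\n", stolen);
    return 0;
}
```

The same read works against a real server process for anyone with ptrace rights over it (root, or the account mysqld runs as, subject to the kernel's Yama `ptrace_scope` setting), and /proc/PID/mem gives the same access without the word-at-a-time loop. An encrypted filesystem or per-table encryption changes only what a copied disk image reveals; it does nothing about an attacker who already has this level of access to the running host, which is the reply's point.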