List:General Discussion« Previous MessageNext Message »
From:David Brodbeck Date:May 27 2003 6:36pm
Subject:RE: How to secure a MySQL database from people with physical acce ss
View as plain text  

> -----Original Message-----
> From: mos [mailto:mos99@stripped]

> I could encrypt certain table fields, but this will make 
> writing the front 
> end a pain because all SQL statements will now need to be 
> changed any time 
> a new column is encrypted.

It also won't help you any, because the software will have to contain
everything needed to do the decryption.  Unless you can somehow prevent a
hypothetical attacker from getting this software, your encryption is only
going to keep a casual attacker out.  All he has to do is decompile the
software enough to figure out your encryption routine.

Generally there's very little you can do to protect data from someone with
physical access to the machine -- unless you can keep it in encrypted form,
and only decrypt it elsewhere, so that the decryption key never passes
through the vulnerable machine.
Thread
How to secure a MySQL database from people with physical accessmos27 May
  • Re: How to secure a MySQL database from people with physical accessJoel Rees28 May
    • Select name, email where birthday = ??Scott Haneda28 May
      • RE: Select name, email where birthday = ??Adam Clauss28 May
      • Re: Select name, email where birthday = ??Marcel Forget28 May
RE: How to secure a MySQL database from people with physical acce ssDavid Brodbeck27 May
RE: How to secure a MySQL database from people with physical acce ssmos27 May
RE: How to secure a MySQL database from people with physical acce ssmos27 May
  • Re: How to secure a MySQL database from people with physical acce ssMichael T. Babcock28 May
Re: Select name, email where birthday = ??Inandjo Taurel28 May