| List: | General Discussion | « Previous MessageNext Message » | |
| From: | mos | Date: | May 27 2003 10:43pm |
| Subject: | RE: How to secure a MySQL database from people with physical acce ss | ||
| View as plain text | |||
At 11:36 AM 5/27/2003, you wrote: > > -----Original Message----- > > From: mos [mailto:mos99@stripped] > > > I could encrypt certain table fields, but this will make > > writing the front > > end a pain because all SQL statements will now need to be > > changed any time > > a new column is encrypted. > >It also won't help you any, because the software will have to contain >everything needed to do the decryption. Unless you can somehow prevent a >hypothetical attacker from getting this software, your encryption is only >going to keep a casual attacker out. All he has to do is decompile the >software enough to figure out your encryption routine. Correct, which is why I have a means of compressing and *encrypting* the .exe file. I can also lock it to the person's machine (or server) so it won't fall into the wrong hands. >Generally there's very little you can do to protect data from someone with >physical access to the machine -- unless you can keep it in encrypted form, >and only decrypt it elsewhere, so that the decryption key never passes >through the vulnerable machine. Other databases that use encryption will decrypt the information when a row is accessed, so there is no unencrypted data lying on the hard drive. It is extremely fast and I don't notice a speed difference between encrypted and unencrypted files. Indexes and blobs are encrypted. Anyone trying to access the data outside of my application will see only gibberish. Anyone trying to decompile my application will see only gibberish and it would take a great deal of effort to crack it. MySQL relies on OS security and that can be easily circumvented, at least on a Windows box. I'm sure there are some good hacks for Linux as well. And putting sensitive data on a shared MySQL ISP site gives me shivers.<g> Even a dedicated MySQL box has its problems if it is located at an ISP outside of my control. Working with MySQL after working with encrypted databases is a lot like living in a house with no doors and windows. You pretty much have to trust everyone in your neighborhood. Mike
| Thread | ||
|---|---|---|
| • How to secure a MySQL database from people with physical access | mos | 27 May |
| • Re: How to secure a MySQL database from people with physical access | Joel Rees | 28 May |
| • Select name, email where birthday = ?? | Scott Haneda | 28 May |
| • RE: Select name, email where birthday = ?? | Adam Clauss | 28 May |
| • Re: Select name, email where birthday = ?? | Marcel Forget | 28 May |
| • RE: How to secure a MySQL database from people with physical acce ss | David Brodbeck | 27 May |
| • RE: How to secure a MySQL database from people with physical acce ss | mos | 27 May |
| • RE: How to secure a MySQL database from people with physical acce ss | mos | 27 May |
| • Re: How to secure a MySQL database from people with physical acce ss | Michael T. Babcock | 28 May |
| • Re: Select name, email where birthday = ?? | Inandjo Taurel | 28 May |
© 1995-2008 MySQL AB, 2008-2009 Sun Microsystems, Inc.
Page generated in 0.026 sec. using MySQL 5.1.14-beta-log