From: Date: May 28 2003 4:53pm Subject: Re: How to secure a MySQL database from people with physical acce ss List-Archive: http://lists.mysql.com/mysql/141030 Message-Id: <20030528145314.GC25602@godzilla.fibrespeed.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pE2VAHO2njSJCslu" --pE2VAHO2njSJCslu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, May 27, 2003 at 03:43:14PM -0500, mos wrote: > Correct, which is why I have a means of compressing and *encrypting* the= =20 > .exe file. I can also lock it to the person's machine (or server) so it= =20 > won't fall into the wrong hands. All such methods have been broken. If they weren't, the major software companies would all be using them to prevent cracking ... remember that the EXE has to decrypt itself. Usually it contains an obfuscated series of jumps that decrypt its image in memory while at the same time changing word offsets within the image so the decompile looks wrong from within a debugger. A couple anti-tracing measures and it makes it pretty hard to reverse- engineer, but people still do it. > Other databases that use encryption will decrypt the information when a r= ow=20 > is accessed, so there is no unencrypted data lying on the hard drive. It = is=20 > extremely fast and I don't notice a speed difference between encrypted an= d=20 If I were going to trust anything to be secure, it would involve data that = was encrypted to the public keys of the users who deserve access *before* being sent to the database for storage. This of course prevents the use of index= ing. Anything else has the problems others have mentionned. --=20 Michael T. Babcock CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) http://www.fibrespeed.net/~mbabcock/ --pE2VAHO2njSJCslu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://www.fibrespeed.net/~mbabcock/ iD8DBQE+1M1a/RFwCNjIh18RAqKXAJ9g8eobjV7gUO7aGzMWJqLGEz/yyQCgj5Qq llZkicsGmmeGIY13vk6MEOA= =xCpw -----END PGP SIGNATURE----- --pE2VAHO2njSJCslu--