List: General Discussion
From: Andy Eastham
Date: November 27 2003 7:42am
Subject:RE: Security Question
Thomas,

It would be more secure if you had the DB on another server that was locked
down and only allowed access to the web server on the MySQL port, (plus
probably ssh access for admin).

If you're going to the expense of audits, this must be fairly important, so
the cost of the other server would not be too significant?

Best regards,

Andy

> -----Original Message-----
> From: Curley, Thomas [mailto:thomas.curley@stripped]
> Sent: 26 November 2003 13:22
> To: mysql@stripped
> Subject: RE: Security Question
> Importance: High
>
>
> thanks for reply - the requirement comes from a security audit -
> so try to think in terms of a hacker
>
> Obviously and (I had assumed)
> 1.	- the files would have tight unix security file permissions applied
> 2.	- indeed the key would be stored on an internal tightly
> managed box (or device)
>
> Another Assumption
> ------------------
> Encrypting / decrypting all data on the fly would be too
> expensive and grind the app to a halt
>
> So the question again :-
>
> 	Any ideas on how to avoid having data files stored with
> absolutely no protection against copying ????
>
>
> If there is no solution to this then MySql should not be used on
> internet accessible boxes for dynamic web sites
>
>
> Thomas
>
>
>
>
>
>
> -----Original Message-----
> From: Fagyal, Csongor [mailto:concept@stripped]
> Sent: 26 November 2003 12:51
> To: Curley, Thomas
> Cc: mysql@stripped
> Subject: Re: Security Question
>
>
> Thomas,
>
> >I am trying to find a solution to the following security issue
> >with MySql DB on linux
> >
> >- Someone copies the DB files to another box, starts a mysql
> >instance, loads the DB and presto - views the 'private' data !!!
> >
> >
> Well, "someone" should not have access rights to the DB files on the
> first hand.
>
> >Ideally I would like to know if there is any option in MySql to
> >store the DB files in a secure format and one that needs a key or
> >similar to open the DB
> >
> >
> If someone was able to access your DB files, he would probably also be
> able to access that key (that you must store _somewhere_), wouldn't he?
>
> - Csongor
>
>
>
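
The lock-down suggested at the top of this message (a dedicated DB host reachable only from the web server on the MySQL port, plus ssh for admin) can be expressed as a host firewall on the DB server. This is an added example, not part of the original thread; it assumes iptables on Linux, the default MySQL port 3306, ssh on port 22, and constructed placeholder addresses.

```shell
#!/bin/sh
# Added example: INPUT-chain firewall for a dedicated MySQL host.
# Assumptions: iptables, MySQL on TCP 3306, ssh on TCP 22.
# Set IPT=echo to print the rules instead of applying them (dry run).
IPT="${IPT:-iptables}"

# lock_down_db_host WEB_IP ADMIN_IP
#   WEB_IP   - the only host allowed to reach the MySQL port
#   ADMIN_IP - the only host allowed to reach ssh
lock_down_db_host() {
    web_ip="$1"
    admin_ip="$2"

    # Refuse empty or match-everything sources: either one would silently
    # reopen the port to every host and defeat the purpose of the rule set.
    for src in "$web_ip" "$admin_ip"; do
        case "$src" in
            ""|*/0)
                echo "refusing empty or /0 source address" >&2
                return 2
                ;;
        esac
    done

    # Rebuild the INPUT chain from scratch.
    $IPT -F INPUT
    # Loopback traffic and replies to connections this host opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # MySQL: new connections from the web server only.
    $IPT -A INPUT -p tcp -s "$web_ip" --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
    # ssh: new connections from the admin host only.
    $IPT -A INPUT -p tcp -s "$admin_ip" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # Default-deny goes last so an admin session running this is not cut off
    # before the ACCEPT rules exist.
    $IPT -P INPUT DROP
}

# Dry run with constructed addresses (RFC 5737 documentation range):
#   IPT=echo; lock_down_db_host 192.0.2.10 192.0.2.20
```
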
