Daniel Gardner wrote:
> I'm thinking about using mysql for a project where the data has to be *very*
> secure. I've been prototyping the app using mysql on a Sun E6500 and the
> security seems quite good.
> I have read the section in the manual on making mysql as secure as
> possible - and all of these techniques make sense and have worked.
> The problem is I need the data to be really really hard. Using the
> suggestions in the manual, and a couple of other ways, it gets pretty hard
> to get at the data (especially if you don't know the contents of
> mysql.user). The major problem I can see is root. I'm in an environment
> where it is possible that I might have to disclose the root password -
> especially if mysqld stays on the E6500. I can get another box, but it still
> might be disclosed. Root can kill the server and start it again without
> grant tables.
> There is only one critical field in the db, so I think I need some sort of
> encryption on this field. The mysql manual mentions a couple of different
> encryption functions, but has no comment on how "good" they are. It would be
> nice to know what algorithms these encryption functions are based on, or if
> there are any plans to support really hard encryption. (Perhaps I need one
> of those 5000 Euro licences ;-) )
> The application (when it's finished) will use a webserver, probably apache,
> on another box again. There also might be Windows 95 clients connecting
> using ODBC. I'm a bit worried about the security issues of transferring the
> data unprotected across our network. It is very unlikely that anyone will
> use any packet monitoring tools at this application, but because our
> business relies on this data being kept very secure I *have* to be overly
> Does anyone have any suggestions on how to make communication between the
> server and client as hard as possible? Switching on Compressed protocol
> doesn't sound quite good enough for me. Again, are there any plans to add
> very hard encryption to the mysql client and server communication?
> So, does anyone have any suggestions on how to make mysql ultra-secure in an
> insecure environment?
There is not very much you can do to secure anything if
you have to give root access to the system to somebody
else. Maybe some creative encryption, and hiding the
keys somewhere else, that's about it.
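
Added example, not part of the original thread or of MySQL: one way to encrypt the single critical field in the application tier, with the key kept off the database host as the reply suggests. The function names, the `customers:42` row identifier and the all-zero key are constructed for illustration; how the key reaches the application host is assumed to be handled elsewhere.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// NewFieldCipher builds AES-GCM (a 32-byte key selects AES-256). The key is
// loaded on the application host and never stored on the database host.
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealField encrypts one column value. rowID is bound as associated data, so
// a ciphertext copied into another row on the database host fails to decrypt.
func SealField(aead cipher.AEAD, rowID string, plaintext []byte) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Stored value is nonce || ciphertext || tag, base64 for a text column.
	sealed := aead.Seal(nonce, nonce, plaintext, []byte(rowID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// OpenField decrypts a stored value; it errors on tampering, a value moved
// between rows, or a wrong key.
func OpenField(aead cipher.AEAD, rowID, stored string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	n := aead.NonceSize()
	if err != nil || len(raw) < n {
		return nil, fmt.Errorf("malformed stored value")
	}
	return aead.Open(nil, raw[:n], raw[n:], []byte(rowID))
}

func main() {
	aead, _ := NewFieldCipher(make([]byte, 32)) // constructed all-zero demo key
	stored, _ := SealField(aead, "customers:42", []byte("constructed secret"))
	_, err := OpenField(aead, "customers:43", stored) // value moved to another row
	fmt.Println(stored, err)
}
```

With this layout, root on the database host can read, delete or shuffle the stored values but cannot decrypt them; root on the host that holds the key still can.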