List:General Discussion« Previous MessageNext Message »
From:Brent Baisley Date:May 15 2007 1:16pm
Subject:Re: Data security - help required
View as plain text  
The only way to keep the data secure so ONLY the user can see it, is to have the user come
up with a pass phrase that is used to 
encrypt the data. That pass phrase should not be stored in the database or on any of your
systems. For them to see the data, they 
need to enter the proper pass phrase. If an incorrect one is entered, the data is
decrypted incorrectly and will look like garbage.
That said, if they forget the pass phrase, there is nothing that can be done. Their data
is as good as lost. No "forgot password" 
mechanism in this setup.

You can't prevent access to the encrypted data, since at the very least the programmer
needs access to it so it can be presented to 
the user.

----- Original Message ----- 
From: "Ratheesh K J" <ratheesh.kj@stripped>
To: <mysql@stripped>
Cc: "Chris" <dmagick@stripped>
Sent: Tuesday, May 15, 2007 5:19 AM
Subject: Re: Data security - help required


> Ok.. Will it be secure if the data is encrypted. mysqldump will show encrypted data
> right.
> Actually I want to know what is the best practice for such applications. Can I say
> that encryption alone is sufficient to secure 
> my data. Or is there any other strategy used for data protection?
> ----- Original Message ----- 
> From: "Chris" <dmagick@stripped>
> To: "Ratheesh K J" <ratheesh.kj@stripped>
> Cc: <mysql@stripped>
> Sent: Tuesday, May 15, 2007 2:42 PM
> Subject: Re: Data security - help required
>
>
>> Ratheesh K J wrote:
>>> Hello all,
>>>
>>> I have a requirement of maintaining some secret information in the database.
> And this information should not be 
>>> visible/accessible to any other person but the owner of the data.
>>> Whilst I know that encryption/decryption is the solution for this, are there
> any other level of security that I can provide to 
>>> this?
>>>
>>> Which is the best security technique used in MySQL to store seceret
> information.
>>>
>>> PS: Even the database admin should not be able to access anybody else's
> information
>>
>> Then you're stuffed - *someone* has to be able to see everything so you can do a
> mysqldump.
>>
>> *Someone* has to be able to see everything so you can grant permissions to the
> other users too :)
>
>
> -- 
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
> 

Thread
Data security - help requiredRatheesh K J15 May
  • Re: Data security - help requiredChris15 May
    • Re: Data security - help requiredMike van Hoof15 May
    • Re: Data security - help requiredMogens Melander15 May
  • Re: Data security - help requiredRatheesh K J15 May
    • Re: Data security - help requiredChris15 May
  • Re: Data security - help requiredBrent Baisley15 May
  • Re: Data security - help requiredDavid T. Ashley15 May