List:General Discussion« Previous MessageNext Message »
From:mos Date:October 26 2007 5:18pm
Subject:Re: How to encrypt Text and still be able to use full text
search? 3rd Attempt ++
View as plain text  
Ian,

At 09:36 AM 10/26/2007, you wrote:
>On 26 Oct 2007 at 9:17, mos wrote:
>
> > I posted this message twice in the past 3 days, and it never gets on the
> > mailing list. Why?
> > Here it is again:
> >
> > I have a Text field that contains paragraph text and for security 
> reasons I
> > need to have it encrypted. If I do this, how can I still implement full
> > text search on it?
> > Also, I have a lot of Float columns that need to be protected but the user
> > has to use comparison operators like ">" and "<" on them. Any 
> recommendations?
>
>Hi,
>
>This is quite a difficult one, and as usual in the field of security 
>depends on how valuable
>the data is and how difficult you want it to be for an attacker to obtain it.
>
>If you let us know what type of data this is and how well it has to be 
>protected, maybe we
>can help more. "security reasons" is a bit vague, but I can understand 
>that you don't want
>to give too much away.

The data is quite valuable because there is a lot of competition in this 
particular marketplace and my competitors would like to get their hands on 
it.  I've spent 5 years writing the software and generating the data. Let's 
say for the sake of argument the data is worth $1 million. How do I stop my 
competitor from bribing some flunky at the ISP into turning over the backup 
of my data or just e-mailing the MySQL password file to him? Also I don't 
want anyone at the ISP viewing the data or changing it because I'd be 
liable for any data errors.

>I can say one thing though, in order for the data to be indexed by MySQL , 
>it has to be in
>an unencrypted form somewhere in the database. There is no way I know to 
>get around
>this, but I hope someone can correct me :)

I hope so too. :)
There are quite a few databases out there that have transparent encryption 
(Blowfish, AES etc.) and I'm wondering why MySQL haven't implemented it, 
especially now with the new laws that make the company liable for security 
breaches on the web. On the other databases I've used, I haven't noticed 
any speed decrease if the table is encrypted.

Mike
Thread
How to encrypt Text and still be able to use full text search?3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Ian26 Oct
    • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
      • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++mysql26 Oct
        • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Rob Wultsch26 Oct
            • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
              • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Jan Kirchhoff27 Oct
Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++William Newton26 Oct