List:General Discussion« Previous MessageNext Message »
From:mos Date:October 26 2007 8:36pm
Subject:Re: How to encrypt Text and still be able to use full text
search? 3rd Attempt ++
View as plain text  
At 01:47 PM 10/26/2007, you wrote:
>On 10/26/07, Baron Schwartz <baron@stripped> wrote:
> >
> > mysql@stripped wrote:
> > > mos wrote:
> > >>
> > >> The data is quite valuable because there is a lot of competition in
> > >> this particular marketplace and my competitors would like to get their
> > >> hands on it.  I've spent 5 years writing the software and generating
> > >> the data. Let's say for the sake of argument the data is worth $1
> > >> million. How do I stop my competitor from bribing some flunky at the
> > >> ISP into turning over the backup of my data or just e-mailing the
> > >> MySQL password file to him? Also I don't want anyone at the ISP
> > >> viewing the data or changing it because I'd be liable for any data
> > >> errors.
> > >
> > > Host the machines in-house. I think that could be done for less than a
> > > million bucks for a smallish setup.
> > >
> > > Of course, I've only ever been a bystander with that sort of project, so
> > > the figures may be a lot higher than I'm guessing. For instance, you'd
> > > want a beefy connection installed, of course. And then there's the
> > > salary for someone to administer to everything.
> >
> > I agree.  If you're using shared hosting, forget about encryption.
> > Physical access to the machines ALWAYS trumps every other kind of
> > security, so you can't do what you're trying to do (secure data in an
> > insecure environment).  Rent a T1 line for $500/mo and charge customers
> > what the data is worth.
> >
> > Baron
>
>
>I also agree, however for the sake of argument could we assume that the
>order of the wording in the entry probably imparts a significant amount of
>it's value? If that is the case, I would think creating a second column of
>unencrypted  text (with a full text index) which would be nothing more than
>copy of the the text with the words in a random order might provide a bit of
>the protection that the user is looking for.

Good point. I hadn't thought of that.  :)

I also need to protect a couple dozen Float fields and thought I could 
obscure them a bit by adding an offset to them based on an encrypted id 
stored with each row. It is not going to be as good as encryption but will 
help to obfuscate the data.

Mike
Thread
How to encrypt Text and still be able to use full text search?3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Ian26 Oct
    • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
      • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++mysql26 Oct
        • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Rob Wultsch26 Oct
            • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
              • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Jan Kirchhoff27 Oct
Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++William Newton26 Oct