List:General Discussion« Previous MessageNext Message »
From:Jan Kirchhoff Date:October 27 2007 7:34am
Subject:Re: How to encrypt Text and still be able to use full text search?
3rd Attempt ++
View as plain text  
mos schrieb:
> I posted this message twice in the past 3 days, and it never gets on 
> the mailing list. Why?
> Here it is again:
>
> I have a Text field that contains paragraph text and for security 
> reasons I need to have it encrypted. If I do this, how can I still 
> implement full text search on it?
> Also, I have a lot of Float columns that need to be protected but the 
> user has to use comparison operators like ">" and "<" on them. Any 
> recommendations?
Mike,
What size ist the database?
Could you create some kind of (temporary) table holding the data 
unencrypted?
As fulltext search is only possible on myisam tables, you might want to 
put this on a ramdisk and create it during mysql startup (just make a 
symlink like /var/lib/mysql/UnencryptedDatabase -> /ramdisk/ and use the 
|--init-file-Paramter for mysqld to create and fill the table).
It would at least make it more difficult to get the data for somebody 
who has physical access to the machine as long as you have all your 
partitions encrypted as well have to enter your password during startup.

||I know there is still danger: somebody at the ISP could shut down the 
server and modify your initrd and try to get you password when you enter 
it during startup, but as long as you won't host the machine yourself, 
there probably is no better option. Get rackspace that has doors and can 
be locked... a little more security, but usually the ISP has a second 
key in their safe :(
||Or you might set it up so you have to enter 2 Passwords, the first one 
to decrypt and start a small program that checksums the kernel and 
initrd that is in memory, and then a second one to mount the partitions...|
|
If the value of the data is really a million, host it on your own and 
install security systems etc. and a 24/7 NOC keeping an eye on your 
server looking for hackers and so on.
If your budget is only $100/month I would do the way I described above.
|||
|Jan|
||
Thread
How to encrypt Text and still be able to use full text search?3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Ian26 Oct
    • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
      • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++mysql26 Oct
        • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++Rob Wultsch26 Oct
            • Re: How to encrypt Text and still be able to use full textsearch? 3rd Attempt ++mos26 Oct
              • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Baron Schwartz26 Oct
          • Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++mos26 Oct
  • Re: How to encrypt Text and still be able to use full text search?3rd Attempt ++Jan Kirchhoff27 Oct
Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++William Newton26 Oct