From: Jan Kirchhoff
Date: October 27 2007 7:34am
Subject: Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++
List-Archive: http://lists.mysql.com/mysql/209724
Message-Id: <4722E9EC.6040906@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

mos wrote:
> I posted this message twice in the past 3 days, and it never gets on
> the mailing list. Why?
> Here it is again:
>
> I have a Text field that contains paragraph text and for security
> reasons I need to have it encrypted. If I do this, how can I still
> implement full text search on it?
> Also, I have a lot of Float columns that need to be protected but the
> user has to use comparison operators like ">" and "<" on them. Any
> recommendations?

Mike,

What size is the database? Could you create some kind of (temporary) table holding the data unencrypted? As fulltext search is only possible on MyISAM tables, you might want to put this on a ramdisk and create it during mysql startup (just make a symlink like /var/lib/mysql/UnencryptedDatabase -> /ramdisk/ and use the --init-file parameter for mysqld to create and fill the table). It would at least make it more difficult to get the data for somebody who has physical access to the machine, as long as you have all your partitions encrypted as well and have to enter your password during startup.

I know there is still danger: somebody at the ISP could shut down the server and modify your initrd and try to get your password when you enter it during startup, but as long as you won't host the machine yourself, there probably is no better option. Get rackspace that has doors and can be locked... a little more security, but usually the ISP has a second key in their safe :(

Or you might set it up so you have to enter 2 passwords, the first one to decrypt and start a small program that checksums the kernel and initrd that is in memory, and then a second one to mount the partitions...

If the value of the data is really a million, host it on your own and install security systems etc. and a 24/7 NOC keeping an eye on your server looking for hackers and so on. If your budget is only $100/month I would do it the way I described above.

Jan
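
The ramdisk table setup suggested in the message above, sketched as a file for mysqld's `--init-file` option. This is an added example, not part of the original post. The source database `app`, table `notes`, column `body_enc`, the plaintext table `notes_plain`, the key placeholder, and the assumption that the column was stored with `AES_ENCRYPT` are all hypothetical.

```sql
-- Added example: init file that rebuilds a plaintext, full-text-searchable
-- copy of an encrypted column on the ramdisk at every server start.
-- Assumes /var/lib/mysql/UnencryptedDatabase is the symlink to /ramdisk/
-- described in the message, so the table files never touch persistent disk.
-- Statements are kept on one line each; older MySQL servers require that in
-- an init file and may not accept comment lines, so strip the comments there.

-- The ramdisk is empty after a reboot, but drop anyway so a plain mysqld
-- restart without a reboot starts from a clean table.
DROP TABLE IF EXISTS UnencryptedDatabase.notes_plain;

-- MyISAM because the full-text index discussed in the thread requires it.
CREATE TABLE UnencryptedDatabase.notes_plain (id INT UNSIGNED NOT NULL PRIMARY KEY, body TEXT NOT NULL, FULLTEXT KEY ft_body (body)) ENGINE=MyISAM;

-- Decrypt into the ramdisk table. AES_DECRYPT returns NULL when the key or
-- ciphertext is wrong, so such rows are skipped instead of stored as garbage.
-- 'KEY_PLACEHOLDER' is a placeholder, not a real key.
INSERT INTO UnencryptedDatabase.notes_plain (id, body) SELECT id, CONVERT(AES_DECRYPT(body_enc, 'KEY_PLACEHOLDER') USING utf8) FROM app.notes WHERE AES_DECRYPT(body_enc, 'KEY_PLACEHOLDER') IS NOT NULL;
```

Because the key appears in this file, the file belongs on the encrypted partition the message describes and should be readable only by the mysqld user. Searches then run against the copy, for example `SELECT id FROM UnencryptedDatabase.notes_plain WHERE MATCH(body) AGAINST('term')`.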