List:General Discussion« Previous MessageNext Message »
From:Carl Date:May 24 2010 1:57pm
Subject:Re: Master - master replication
View as plain text  
This is both interesting and puzzling.  

The only way credit card information can be aquired is through SSL communication with the
user (user enters credit card information which is used to authorize the transactions,
whatever.)  Yet, that same process is not sufficient to comply with PCI DSS requirements
to move the card information from one server to another.  Seems illogical since both
transmissions are exposed in the same way.

Thanks,

Carl
  ----- Original Message ----- 
  From: John Daisley 
  To: Prabhat Kumar 
  Cc: Carl ; Walter Heck ; mysql@stripped 
  Sent: Monday, May 24, 2010 7:39 AM
  Subject: Re: Master - master replication


  ssl is not enough for pci dss compliance. If you store credit card information and are
not pci compliant you can be heavily fined and have your ability to process/accept credit
card payments permanently removed. 

  The storage and transmission of credit card details demands end-to-end encryption and
tokenization. MySQL replication with ssl is not going to meet the requirements. Probably
be easier to write the data to both servers directly rather than writing to one and then
trying to secure replication to a level demanded by the pci regs.

  regards
  John




  On 24 May 2010 13:23, Prabhat Kumar <aim.prabhat@stripped> wrote:

    I think setting up few more configuration variable in replication will secure the data
in plain text transmission .

    #--master-ssl
    #--master-ssl-ca
    #--master-ssl-capath
    #--master-ssl-cert
    #--master-ssl-cipher
    #--master-ssl-key 
    http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html

    http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html

    Thanks,




    On Mon, May 24, 2010 at 6:45 PM, Carl <carl@stripped> wrote:

      Interesting.  How is the best way to protect the information while using master -
master replication on remote sites?  (The data contains the information of children,
credit cards and bank accounts.)

      Thanks,

      Carl

       ----- Original Message -----
       From: John Daisley
       To: Carl
       Cc: Walter Heck ; mysql@stripped
       Sent: Monday, May 24, 2010 6:47 AM
       Subject: Re: Master - master replication


       also consider that it is much more likely that remote slaves will start falling
behind particularly if you throw encryption into the equation.

       Regards

       John


       On 24 May 2010 13:24, Carl <carl@stripped> wrote:

         Walter,

         Don't know how I missed that but it exactly what I needed.

         Thanks,

         Carl
         ----- Original Message ----- From: "Walter Heck" <walter@stripped>
         To: "Carl" <carl@stripped>
         Cc: <mysql@stripped>
         Sent: Monday, May 24, 2010 5:49 AM
         Subject: Re: Master - master replication



         Hi Carl,

         On Mon, May 24, 2010 at 13:42, Carl <carl@stripped> wrote:

           1. Is the data visible during transmission?

         Not sure what you mean there?


           2. Is there a way to encrypt the data during transmission?

         MySQL supports SSL encryption of replication. Here's a good starting
         point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

         cheers,

         Walter Heck
         Engineer @ Open Query (http://openquery.com)


         --
         MySQL General Mailing List
         For list archives: http://lists.mysql.com/mysql
         To unsubscribe:    http://lists.mysql.com/mysql?unsub=1





       --
       John Daisley

       Certified MySQL 5 Database Administrator
       Certified MySQL 5 Developer
       Cognos BI Developer

       Telephone: +44 (0)7918 621621
       Email: john.daisley@stripped





    -- 
    Best Regards,

    Prabhat Kumar
    MySQL DBA
    Datavail-India Mumbai
    Mobile     : 91-9987681929
    www.datavail.com

    My Blog: http://adminlinux.blogspot.com
    My LinkedIn: http://www.linkedin.com/in/profileprabhat




  -- 
  John Daisley

  Certified MySQL 5 Database Administrator
  Certified MySQL 5 Developer
  Cognos BI Developer

  Telephone: +44 (0)7918 621621
  Email: john.daisley@stripped

Thread
Master - master replicationCarl24 May
  • Re: Master - master replicationWalter Heck24 May
  • RE: Master - master replicationMartin Gainty24 May
  • Re: Master - master replicationCarl24 May
    • Re: Master - master replicationJohn Daisley24 May
    • RE: Master - master replicationMartin Gainty24 May
  • Re: Master - master replicationCarl24 May
    • Re: Master - master replicationJohn Daisley24 May
    • Re: Master - master replicationPrabhat Kumar24 May
      • Re: Master - master replicationJohn Daisley24 May
  • Re: Master - master replicationCarl24 May
    • Re: Master - master replicationWalter Heck24 May
      • Re: Master - master replicationMark Goodge24 May
    • RE: Master - master replicationMartin Gainty24 May
  • Re: Master - master replicationCarl24 May
    • Re: Master - master replicationPatrick Sherrill24 May
  • Re: Master - master replicationCarl24 May