List: General Discussion
From: Patrick Sherrill
Date: May 24 2010 1:09pm
Subject: Re: Master - master replication

I believe the issue is more storage related than anything else.
Multiple servers exponentially increased risk of compromise.

Carl wrote:
> This is both interesting and puzzling.  
> 
> The only way credit card information can be acquired is through SSL communication with
> the user (user enters credit card information which is used to authorize the transactions,
> whatever.)  Yet, that same process is not sufficient to comply with PCI DSS requirements
> to move the card information from one server to another.  Seems illogical since both
> transmissions are exposed in the same way.
> 
> Thanks,
> 
> Carl
>   ----- Original Message ----- 
>   From: John Daisley 
>   To: Prabhat Kumar 
>   Cc: Carl ; Walter Heck ; mysql@stripped 
>   Sent: Monday, May 24, 2010 7:39 AM
>   Subject: Re: Master - master replication
> 
> 
>   ssl is not enough for pci dss compliance. If you store credit card information and
> are not pci compliant you can be heavily fined and have your ability to process/accept
> credit card payments permanently removed. 
> 
>   The storage and transmission of credit card details demands end-to-end encryption
> and tokenization. MySQL replication with ssl is not going to meet the requirements.
> Probably be easier to write the data to both servers directly rather than writing to one
> and then trying to secure replication to a level demanded by the pci regs.
> 
>   regards
>   John
> 
> 
> 
> 
>   On 24 May 2010 13:23, Prabhat Kumar <aim.prabhat@stripped> wrote:
> 
>     I think setting up a few more configuration variables in replication will secure the
> data in plain text transmission.
> 
>     #--master-ssl
>     #--master-ssl-ca
>     #--master-ssl-capath
>     #--master-ssl-cert
>     #--master-ssl-cipher
>     #--master-ssl-key 
>     http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
> 
>     http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
> 
>     Thanks,
> 
> 
> 
> 
>     On Mon, May 24, 2010 at 6:45 PM, Carl <carl@stripped> wrote:
> 
>       Interesting.  What is the best way to protect the information while using master
> - master replication on remote sites?  (The data contains the information of children,
> credit cards and bank accounts.)
> 
>       Thanks,
> 
>       Carl
> 
>        ----- Original Message -----
>        From: John Daisley
>        To: Carl
>        Cc: Walter Heck ; mysql@stripped
>        Sent: Monday, May 24, 2010 6:47 AM
>        Subject: Re: Master - master replication
> 
> 
>        also consider that it is much more likely that remote slaves will start
> falling behind particularly if you throw encryption into the equation.
> 
>        Regards
> 
>        John
> 
> 
>        On 24 May 2010 13:24, Carl <carl@stripped> wrote:
> 
>          Walter,
> 
>          Don't know how I missed that but it is exactly what I needed.
> 
>          Thanks,
> 
>          Carl
>          ----- Original Message ----- From: "Walter Heck"
> <walter@stripped>
>          To: "Carl" <carl@stripped>
>          Cc: <mysql@stripped>
>          Sent: Monday, May 24, 2010 5:49 AM
>          Subject: Re: Master - master replication
> 
> 
> 
>          Hi Carl,
> 
>          On Mon, May 24, 2010 at 13:42, Carl <carl@stripped> wrote:
> 
>            1. Is the data visible during transmission?
> 
>          Not sure what you mean there?
> 
> 
>            2. Is there a way to encrypt the data during transmission?
> 
>          MySQL supports SSL encryption of replication. Here's a good starting
>          point:
> http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
> 
>          cheers,
> 
>          Walter Heck
>          Engineer @ Open Query (http://openquery.com)
> 
> 
> 
> 
> 
> 
> 
>        --
>        John Daisley
> 
>        Certified MySQL 5 Database Administrator
>        Certified MySQL 5 Developer
>        Cognos BI Developer
> 
>        Telephone: +44 (0)7918 621621
>        Email: john.daisley@stripped
> 
> 
> 
> 
> 
>     -- 
>     Best Regards,
> 
>     Prabhat Kumar
>     MySQL DBA
>     Datavail-India Mumbai
>     Mobile     : 91-9987681929
>     www.datavail.com
> 
>     My Blog: http://adminlinux.blogspot.com
>     My LinkedIn: http://www.linkedin.com/in/profileprabhat
> 
> 
> 
> 
>   -- 
>   John Daisley
> 
>   Certified MySQL 5 Database Administrator
>   Certified MySQL 5 Developer
>   Cognos BI Developer
> 
>   Telephone: +44 (0)7918 621621
>   Email: john.daisley@stripped
> 

-- 
Patrick Sherrill
patrick@stripped

Michael-Clarke Company, Inc.
Since 1982
825 SE 47th Terrace
Cape Coral, FL 33904

(239) 945-0821 Office
(239) 770-6661 Cell

Confidentiality Notice.  This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies of the original message.
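
The replication SSL settings discussed in the quoted thread, as an added example that is not part of the original messages: the account is made to require SSL on the master, the slave is pointed at its certificates, and the result is checked. The host name, account name, password and certificate paths are placeholders, and the syntax assumes the MySQL 5.0/5.1 servers the thread's links refer to. This covers the replication transport only, not the storage and PCI DSS points raised in the thread.

```sql
-- Added example: 'peer.example.com', 'repl', 'CHANGE_ME' and the
-- /etc/mysql/ssl/ paths are placeholders, not values from the thread.

-- 1. On both servers: confirm the server was built and started with SSL.
--    A value of DISABLED means ssl-ca/ssl-cert/ssl-key are not set in my.cnf.
SHOW VARIABLES LIKE 'have_ssl';

-- 2. On each master: a replication account the server refuses to
--    authenticate over an unencrypted connection, so a slave that is
--    missing its SSL settings fails instead of replicating in clear text.
CREATE USER 'repl'@'peer.example.com' IDENTIFIED BY 'CHANGE_ME';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'peer.example.com' REQUIRE SSL;

-- 3. On each slave (in master-master, both servers play this role):
--    the CHANGE MASTER TO equivalents of the --master-ssl* options.
STOP SLAVE;
CHANGE MASTER TO
    MASTER_HOST     = 'peer.example.com',
    MASTER_USER     = 'repl',
    MASTER_PASSWORD = 'CHANGE_ME',
    MASTER_SSL      = 1,
    MASTER_SSL_CA   = '/etc/mysql/ssl/ca-cert.pem',
    MASTER_SSL_CERT = '/etc/mysql/ssl/client-cert.pem',
    MASTER_SSL_KEY  = '/etc/mysql/ssl/client-key.pem';
START SLAVE;

-- 4. Verify: Master_SSL_Allowed should read Yes, both Slave_IO_Running
--    and Slave_SQL_Running should read Yes, and Last_Error should be empty.
SHOW SLAVE STATUS\G

-- 5. On the master: confirm the grant really carries the SSL requirement.
SHOW GRANTS FOR 'repl'@'peer.example.com';
```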