Mark and Patrick,
The data is encrypted on the servers (wouldn't want it any other way.) So,
I believe we would be transmitting encrypted data over a secure line (SSL,
SSH, VPN, whatever.) Doesn't sound to me that there is much of a chance a
bad person could ever see anything. Can anyone see how the data could be
acquired by a bad person? (I understand both servers have to be secured.)
Thanks,
Carl
----- Original Message -----
From: "Patrick Sherrill" <patrick@stripped>
To: "Carl" <carl@stripped>
Cc: <mysql@stripped>
Sent: Monday, May 24, 2010 8:09 AM
Subject: Re: Master - master replication
> I believe the issue is more storage related than anything else.
> Multiple servers exponentially increased risk of compromise.
>
> Carl wrote:
>> This is both interesting and puzzling.
>>
>> The only way credit card information can be acquired is through SSL
>> communication with the user (user enters credit card information which is
>> used to authorize the transactions, whatever.) Yet, that same process is
>> not sufficient to comply with PCI DSS requirements to move the card
>> information from one server to another. Seems illogical since both
>> transmissions are exposed in the same way.
>>
>> Thanks,
>>
>> Carl
>> ----- Original Message -----
>> From: John Daisley
>> To: Prabhat Kumar
>> Cc: Carl ; Walter Heck ; mysql@stripped
>> Sent: Monday, May 24, 2010 7:39 AM
>> Subject: Re: Master - master replication
>>
>>
>> ssl is not enough for pci dss compliance. If you store credit card
>> information and are not pci compliant you can be heavily fined and have
>> your ability to process/accept credit card payments permanently removed.
>>
>> The storage and transmission of credit card details demands end-to-end
>> encryption and tokenization. MySQL replication with ssl is not going to
>> meet the requirements. Probably be easier to write the data to both
>> servers directly rather than writing to one and then trying to secure
>> replication to a level demanded by the pci regs.
>>
>> regards
>> John
>>
>>
>>
>>
>> On 24 May 2010 13:23, Prabhat Kumar <aim.prabhat@stripped> wrote:
>>
>> I think setting up a few more configuration variables in replication
>> will secure the data in plain text transmission.
>>
>> #--master-ssl
>> #--master-ssl-ca
>> #--master-ssl-capath
>> #--master-ssl-cert
>> #--master-ssl-cipher
>> #--master-ssl-key
>> http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
>>
>> http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
>>
>> Thanks,
>>
>>
>>
>>
>> On Mon, May 24, 2010 at 6:45 PM, Carl <carl@stripped> wrote:
>>
>> Interesting. What is the best way to protect the information while
>> using master - master replication on remote sites? (The data contains
>> the information of children, credit cards and bank accounts.)
>>
>> Thanks,
>>
>> Carl
>>
>> ----- Original Message -----
>> From: John Daisley
>> To: Carl
>> Cc: Walter Heck ; mysql@stripped
>> Sent: Monday, May 24, 2010 6:47 AM
>> Subject: Re: Master - master replication
>>
>>
>> also consider that it is much more likely that remote slaves will
>> start falling behind particularly if you throw encryption into the
>> equation.
>>
>> Regards
>>
>> John
>>
>>
>> On 24 May 2010 13:24, Carl <carl@stripped> wrote:
>>
>> Walter,
>>
>> Don't know how I missed that but it is exactly what I needed.
>>
>> Thanks,
>>
>> Carl
>> ----- Original Message ----- From: "Walter Heck"
>> <walter@stripped>
>> To: "Carl" <carl@stripped>
>> Cc: <mysql@stripped>
>> Sent: Monday, May 24, 2010 5:49 AM
>> Subject: Re: Master - master replication
>>
>>
>>
>> Hi Carl,
>>
>> On Mon, May 24, 2010 at 13:42, Carl <carl@stripped> wrote:
>>
>> 1. Is the data visible during transmission?
>>
>> Not sure what you mean there?
>>
>>
>> 2. Is there a way to encrypt the data during transmission?
>>
>> MySQL supports SSL encryption of replication. Here's a good
>> starting
>> point:
>> http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
>>
>> cheers,
>>
>> Walter Heck
>> Engineer @ Open Query (http://openquery.com)
>>
>>
>>
>> --
>> John Daisley
>>
>> Certified MySQL 5 Database Administrator
>> Certified MySQL 5 Developer
>> Cognos BI Developer
>>
>> Telephone: +44 (0)7918 621621
>> Email: john.daisley@stripped
>>
>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> Prabhat Kumar
>> MySQL DBA
>> Datavail-India Mumbai
>> Mobile : 91-9987681929
>> www.datavail.com
>>
>> My Blog: http://adminlinux.blogspot.com
>> My LinkedIn: http://www.linkedin.com/in/profileprabhat
>>
>>
>
> --
> Patrick Sherrill
> patrick@stripped
>
> Michael-Clarke Company, Inc.
> Since 1982
> 825 SE 47th Terrace
> Cape Coral, FL 33904
>
> (239) 945-0821 Office
> (239) 770-6661 Cell
>
>
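
The SSL-protected replication link that Walter and Prabhat point to in the quoted messages above, written out as an added example (not part of any message in the thread). Host names, the 'repl' account, the password placeholder and the certificate paths are assumptions; for master - master the same steps are repeated with the two servers swapped.

```sql
-- Added example. All host names, paths and the account name are assumed.

-- Prerequisite on BOTH servers, my.cnf [mysqld] section, so the server
-- offers SSL to incoming connections:
--   ssl-ca   = /etc/mysql/ssl/ca-cert.pem
--   ssl-cert = /etc/mysql/ssl/server-cert.pem
--   ssl-key  = /etc/mysql/ssl/server-key.pem

-- 1. On server A: the account server B replicates with.
--    REQUIRE SSL makes server A refuse an unencrypted login for it,
--    so a misconfigured peer fails closed instead of falling back.
GRANT REPLICATION SLAVE ON *.*
  TO 'repl'@'server-b.example.com'
  IDENTIFIED BY '<replication-password>'
  REQUIRE SSL;

-- 2. On server B: point replication at server A over SSL.
--    These are the statement-level equivalents of the --master-ssl*
--    options listed in the thread.
STOP SLAVE;
CHANGE MASTER TO
  MASTER_HOST     = 'server-a.example.com',
  MASTER_USER     = 'repl',
  MASTER_PASSWORD = '<replication-password>',
  MASTER_SSL      = 1,
  MASTER_SSL_CA   = '/etc/mysql/ssl/ca-cert.pem',
  MASTER_SSL_CERT = '/etc/mysql/ssl/client-cert.pem',
  MASTER_SSL_KEY  = '/etc/mysql/ssl/client-key.pem',
  -- MySQL 5.1.18 and later: also check the master's certificate name,
  -- otherwise the link is encrypted but the peer is not authenticated.
  MASTER_SSL_VERIFY_SERVER_CERT = 1;
START SLAVE;

-- 3. On server B: confirm the link really uses SSL.
--    Master_SSL_Allowed must read Yes; No or Ignored means the
--    replication traffic is not encrypted.
SHOW SLAVE STATUS\G

-- 4. On server A: confirm SSL is enabled on the server side.
SHOW VARIABLES LIKE 'have_ssl';
```

This covers only the transport between the two servers, which is the question Walter and Prabhat answered; it does not address the storage and PCI DSS points raised by John and Patrick.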