List: General Discussion
From: Carl
Date: May 24 2010 2:18pm
Subject:Re: Master - master replication
Mark and Patrick,

The data is encrypted on the servers (wouldn't want it any other way.)  So, 
I believe we would be transmitting encrypted data over a secure line (SSL, 
SSH, VPN, whatever.)  Doesn't sound to me that there is much of a chance a 
bad person could ever see anything.  Can anyone see how the data could be 
acquired by a bad person?  (I understand both servers have to be secured.)

Thanks,

Carl

----- Original Message ----- 
From: "Patrick Sherrill" <patrick@stripped>
To: "Carl" <carl@stripped>
Cc: <mysql@stripped>
Sent: Monday, May 24, 2010 8:09 AM
Subject: Re: Master - master replication


> I believe the issue is more storage related than anything else.
> Multiple servers exponentially increased risk of compromise.
>
> Carl wrote:
>> This is both interesting and puzzling.
>>
>> The only way credit card information can be acquired is through SSL 
>> communication with the user (user enters credit card information which is 
>> used to authorize the transactions, whatever.)  Yet, that same process is 
>> not sufficient to comply with PCI DSS requirements to move the card 
>> information from one server to another.  Seems illogical since both 
>> transmissions are exposed in the same way.
>>
>> Thanks,
>>
>> Carl
>>   ----- Original Message ----- 
>>   From: John Daisley
>>   To: Prabhat Kumar
>>   Cc: Carl ; Walter Heck ; mysql@stripped
>>   Sent: Monday, May 24, 2010 7:39 AM
>>   Subject: Re: Master - master replication
>>
>>
>>   ssl is not enough for pci dss compliance. If you store credit card 
>> information and are not pci compliant you can be heavily fined and have 
>> your ability to process/accept credit card payments permanently removed.
>>
>>   The storage and transmission of credit card details demands end-to-end 
>> encryption and tokenization. MySQL replication with ssl is not going to 
>> meet the requirements. Probably be easier to write the data to both 
>> servers directly rather than writing to one and then trying to secure 
>> replication to a level demanded by the pci regs.
>>
>>   regards
>>   John
>>
>>
>>
>>
>>   On 24 May 2010 13:23, Prabhat Kumar <aim.prabhat@stripped> wrote:
>>
>>     I think setting up a few more configuration variables in replication 
>> will secure the data in plain text transmission.
>>
>>     #--master-ssl
>>     #--master-ssl-ca
>>     #--master-ssl-capath
>>     #--master-ssl-cert
>>     #--master-ssl-cipher
>>     #--master-ssl-key
>>     http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
>>
>>     http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
>>
>>     Thanks,
>>
>>
>>
>>
>>     On Mon, May 24, 2010 at 6:45 PM, Carl <carl@stripped> wrote:
>>
>>       Interesting.  What is the best way to protect the information while 
>> using master - master replication on remote sites?  (The data contains 
>> the information of children, credit cards and bank accounts.)
>>
>>       Thanks,
>>
>>       Carl
>>
>>        ----- Original Message -----
>>        From: John Daisley
>>        To: Carl
>>        Cc: Walter Heck ; mysql@stripped
>>        Sent: Monday, May 24, 2010 6:47 AM
>>        Subject: Re: Master - master replication
>>
>>
>>        also consider that it is much more likely that remote slaves will 
>> start falling behind particularly if you throw encryption into the 
>> equation.
>>
>>        Regards
>>
>>        John
>>
>>
>>        On 24 May 2010 13:24, Carl <carl@stripped> wrote:
>>
>>          Walter,
>>
>>          Don't know how I missed that but it is exactly what I needed.
>>
>>          Thanks,
>>
>>          Carl
>>          ----- Original Message ----- From: "Walter Heck" 
>> <walter@stripped>
>>          To: "Carl" <carl@stripped>
>>          Cc: <mysql@stripped>
>>          Sent: Monday, May 24, 2010 5:49 AM
>>          Subject: Re: Master - master replication
>>
>>
>>
>>          Hi Carl,
>>
>>          On Mon, May 24, 2010 at 13:42, Carl <carl@stripped> wrote:
>>
>>            1. Is the data visible during transmission?
>>
>>          Not sure what you mean there?
>>
>>
>>            2. Is there a way to encrypt the data during transmission?
>>
>>          MySQL supports SSL encryption of replication. Here's a good starting
>>          point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
>>
>>          cheers,
>>
>>          Walter Heck
>>          Engineer @ Open Query (http://openquery.com)
>>
>>
>>
>>
>>
>>
>>
>>        --
>>        John Daisley
>>
>>        Certified MySQL 5 Database Administrator
>>        Certified MySQL 5 Developer
>>        Cognos BI Developer
>>
>>        Telephone: +44 (0)7918 621621
>>        Email: john.daisley@stripped
>>
>>
>>
>>
>>
>>     -- 
>>     Best Regards,
>>
>>     Prabhat Kumar
>>     MySQL DBA
>>     Datavail-India Mumbai
>>     Mobile     : 91-9987681929
>>     www.datavail.com
>>
>>     My Blog: http://adminlinux.blogspot.com
>>     My LinkedIn: http://www.linkedin.com/in/profileprabhat
>>
>>
>>
>>
>>   -- 
>>   John Daisley
>>
>
> -- 
> Patrick Sherrill
> patrick@stripped
>
> Michael-Clarke Company, Inc.
> Since 1982
> 825 SE 47th Terrace
> Cape Coral, FL 33904
>
> (239) 945-0821 Office
> (239) 770-6661 Cell
>
> 
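
Added example (not part of the original thread): a small check that the SSL replication options mentioned above actually took effect on a slave, run against the vertical output of `SHOW SLAVE STATUS\G`. The sample output, host name and file paths are constructed; the field names are assumed to be those MySQL 5.1 reports (`Master_SSL_Verify_Server_Cert` is absent on 5.0 and is reported as a finding there).

```python
import re

# Constructed sample of `SHOW SLAVE STATUS\G` output (not taken from the thread).
SAMPLE_STATUS = """\
*************************** 1. row ***************************
                Master_Host: db2.example.internal
                Master_User: repl
           Slave_IO_Running: Yes
         Master_SSL_Allowed: Yes
         Master_SSL_CA_File: /etc/mysql/ssl/ca-cert.pem
         Master_SSL_CA_Path:
            Master_SSL_Cert: /etc/mysql/ssl/client-cert.pem
          Master_SSL_Cipher:
             Master_SSL_Key: /etc/mysql/ssl/client-key.pem
Master_SSL_Verify_Server_Cert: No
"""

def parse_status(text):
    """Turn vertical (\\G) output into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_replication_tls(fields):
    """Return a list of findings; an empty list means no slave-side gaps were found."""
    findings = []
    allowed = fields.get("Master_SSL_Allowed", "")
    if allowed != "Yes":
        # "No" = SSL not permitted; "Ignored" = configured, but this slave lacks SSL support.
        findings.append(f"Master_SSL_Allowed is {allowed or 'missing'}: SSL is not in use for replication")
    if not (fields.get("Master_SSL_CA_File") or fields.get("Master_SSL_CA_Path")):
        findings.append("no CA file or path: the master's certificate cannot be validated")
    if fields.get("Master_SSL_Verify_Server_Cert") != "Yes":
        findings.append("Master_SSL_Verify_Server_Cert is not Yes: master host name is not checked")
    if bool(fields.get("Master_SSL_Cert")) != bool(fields.get("Master_SSL_Key")):
        findings.append("client certificate and key must be set together")
    return findings

if __name__ == "__main__":
    for finding in audit_replication_tls(parse_status(SAMPLE_STATUS)):
        print("FINDING:", finding)
```

A clean result covers the slave side only; the replication account on the master should also be granted with `REQUIRE SSL` so that an unencrypted connection is refused.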
