List:General Discussion« Previous MessageNext Message »
From:Vikram A Date:June 17 2011 6:53am
Subject:Re: Encoding "Table Name" and "Filed Name"
View as plain text  
Sir,

I agree, its impossible to do manual look ups. But our aim is to avoid the use
of DB with out code. Also we have ensured, 'secret data is encrypted using some functions
with key'. 

I shall follow both encode i.e,  1) filed and table name, 2) data level? Or only
data level is enough by having accounts as you suggested?

Thanks You. 
Vikram

________________________________
From: Johan De Meersman <vegivamp@stripped>
To: Vikram A <vikkiatbipl@stripped>
Cc: MY SQL Mailing list <mysql@stripped>
Sent: Friday, 17 June 2011 11:50 AM
Subject: Re: Encoding "Table Name" and "Filed Name"


----- Original Message -----
> From: "Vikram A" <vikkiatbipl@stripped>
>
> My question is, DO i face any negative project management problems by
> doing this? Pleas share your experience on this aspect and commend
> our idea.

Seems... a bit pointless, no? If someone has access to the database, they can still see
the data. If someone has access to the code, they can still figure out the naming scheme.
If, for some reason, you have to do manual lookups (think debugging, custom reporting,
...) you're making your own life hard.

If you don't want people to see your data, manage your accounts. If people leave, delete
their accounts. Make sure your code prevents SQL injections (use bind variables and so
on). Firewall off your server from everything but the application server. Et cetera ad
nauseam.

There's plenty of security recommendations, but I've never heard of anyone encrypting
their table and field names. It sounds like something upper management would come up with
:-)


--
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
Thread
Encoding "Table Name" and "Filed Name"Vikram A17 Jun
  • Re: Encoding "Table Name" and "Filed Name"Johan De Meersman17 Jun
    • Re: Encoding "Table Name" and "Filed Name"Vikram A17 Jun
      • Re: Encoding "Table Name" and "Filed Name"Johan De Meersman17 Jun
      • RE: Encoding "Table Name" and "Filed Name"Jerry Schwartz17 Jun
        • Re: Encoding "Table Name" and "Filed Name"Vikram A18 Jun