List:General Discussion« Previous MessageNext Message »
From:Vikram A Date:June 18 2011 7:09am
Subject:Re: Encoding "Table Name" and "Filed Name"
View as plain text  
Mr. Jerry/and all,

I am drooping this idea of making schema encryption . As it
leads to lots of confusion as Mr. John said.

I am following the data level encription.

Thank you for the comments. 


From: Jerry Schwartz <jerry@stripped>
To: 'Vikram A' <vikkiatbipl@stripped>; 'Johan De Meersman'
Cc: 'MY SQL Mailing list' <mysql@stripped>
Sent: Friday, 17 June 2011 7:41 PM
Subject: RE: Encoding "Table Name" and "Filed Name"

>-----Original Message-----
>From: Vikram A [mailto:vikkiatbipl@stripped]
>Sent: Friday, June 17, 2011 2:54 AM
>To: Johan De Meersman
>Cc: MY SQL Mailing list
>Subject: Re: Encoding "Table Name" and "Filed Name"
>I agree, its impossible to do manual look ups. But our aim is to avoid the 
>of DB with out code. Also we have ensured, 'secret data is encrypted using 
>functions with key'.
[JS] A lot depends upon your ultimate goal. Do you need to keep anyone from 
seeing the data, or do you need to prevent sabotage?

Even if your DB manager can't tell what the "real" table names are, he could 
still sabotage your system simply by deleting the entire database.

>I shall follow both encode i.e,  1) filed and table name, 2) data level? Or
>only data level is enough by having accounts as you suggested?
[JS] Encrypting at the data level will prevent anyone from seeing the real 
data values, but even that requires more than just encryption. Ideally, you 
would have two people work on the encryption algorithms separately and you 
must make sure that they cannot communicate with each other -- ever!

You will need those two people (or companies) forever if you ever want to 
change the application.

There are books on this.

You always have to trust somebody, and that somebody is always the weak link. 
Somebody must be using the application, and that someone is a bigger risk that 
your DB manager.


Jerry Schwartz
Global Information Incorporated
195 Farmington Ave.
Farmington, CT 06032

860.674.8796 / FAX: 860.674.8341
E-mail: jerry@stripped
Web site:

>Thanks You.
>From: Johan De Meersman <vegivamp@stripped>
>To: Vikram A <vikkiatbipl@stripped>
>Cc: MY SQL Mailing list <mysql@stripped>
>Sent: Friday, 17 June 2011 11:50 AM
>Subject: Re: Encoding "Table Name" and "Filed Name"
>----- Original Message -----
>> From: "Vikram A" <vikkiatbipl@stripped>
>> My question is, DO i face any negative project management problems by
>> doing this? Pleas share your experience on this aspect and commend
>> our idea.
>Seems... a bit pointless, no? If someone has access to the database, they can
>still see the data. If someone has access to the code, they can still figure
>out the naming scheme. If, for some reason, you have to do manual lookups
>(think debugging, custom reporting, ...) you're making your own life hard.
>If you don't want people to see your data, manage your accounts. If people
>leave, delete their accounts. Make sure your code prevents SQL injections 
>bind variables and so on). Firewall off your server from everything but the
>application server. Et cetera ad nauseam.
>There's plenty of security recommendations, but I've never heard of anyone
>encrypting their table and field names. It sounds like something upper
>management would come up with :-)
>Bier met grenadyn
>Is als mosterd by den wyn
>Sy die't drinkt, is eene kwezel
>Hy die't drinkt, is ras een ezel
>MySQL General Mailing List
>For list archives:
>To unsubscribe:
Encoding "Table Name" and "Filed Name"Vikram A17 Jun
  • Re: Encoding "Table Name" and "Filed Name"Johan De Meersman17 Jun
    • Re: Encoding "Table Name" and "Filed Name"Vikram A17 Jun
      • Re: Encoding "Table Name" and "Filed Name"Johan De Meersman17 Jun
      • RE: Encoding "Table Name" and "Filed Name"Jerry Schwartz17 Jun
        • Re: Encoding "Table Name" and "Filed Name"Vikram A18 Jun