Re: Re: Encrypt database table

On Sep 22, 2008, at 9:52 AM, Nathan Rixham wrote:

emil@xxxxxxxxxxxx wrote:
Hi,
What methods do you guys use to keep a mysql table encrypted, or well at least a major part of it. Security is very important and I want to use a public and private key. Is GPG the only safe way? It's hell of an overhead using GPG on every col, even a very short string is easily 1000 characters when encrypted in gpg.
Best Regards Emil
Personally my initial instinct is store everything on a secure non public facing database server and don't worry about encrypting the tables; if somebody can get in to your server and into the database then things need looked at higher up the access chain.

I understand what you're saying, but I don't completely agree with this. What happens when the DBA has a table of names and SSNs on screen and then gets up from his desk to run to the bathroom? In the fear that he may ruin his best slacks (err, jeans), he forgets to close the DB viewer or lock his desktop. Mr. ShouldntBeInHere walks by, sees the monitor of data and takes a picture with his new iPhone 3G and keeps walking. Well, now he just grabbed 50 names and SSNs. Uh oh!

Now, I understand that Mr. DBA should be held responsible for not taking the necessary precautions to make sure that no one else got to his database. However, if the database had been encrypted, then maybe, just maybe those names wouldn't have been exploited. But, in an effort to make sure that he is taking all the necessary precautions, shouldn't he have encrypted his database as well?


If it's a staffing thing then that's what permissions are for; and if it's for storing things like credit card details; just don't - the major payment gateways will do this for you so all you need to store is the transaction id's and auth codes.

regards

nathan

Also, there was this same question last Friday (I think) about encrypting DBs. Search the archives and/or ask a MySQL list.

But to not be a complete jerk... I use AES.

~Philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
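
The thread weighs per-column GPG overhead against AES. As an added example (not code from any poster in this thread), here is one way to encrypt a single column value in application code with AES-256-GCM through PHP's OpenSSL extension; the fixed cost per value is a 12-byte nonce plus a 16-byte tag before base64 encoding. The function names, the `users.ssn:<id>` context string, the inline key and the sample value are assumptions made for illustration.

```php
<?php
// Added example: per-column AES-256-GCM encryption (PHP 7.1+ with ext-openssl).
// All names and sample values below are constructed for illustration.

function encrypt_field(string $plaintext, string $key, string $context): string
{
    $nonce = random_bytes(12);   // fresh nonce for every encryption under a key
    $tag = '';
    // $context is authenticated but not encrypted; it binds the value to its row/column.
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $nonce, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);   // fits a VARCHAR/TEXT column
}

function decrypt_field(string $stored, string $key, string $context): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = (string) substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $nonce, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');   // tampered or moved value
    }
    return $pt;
}

// Assumption: a real deployment loads the key from somewhere other than the database.
$key = random_bytes(32);
$ssn = '000-12-3456';                                   // constructed sample value
$stored = encrypt_field($ssn, $key, 'users.ssn:42');
printf("plaintext %d bytes, stored %d chars\n", strlen($ssn), strlen($stored));
echo decrypt_field($stored, $key, 'users.ssn:42'), "\n";

// A ciphertext copied into another row fails authentication instead of decrypting.
try {
    decrypt_field($stored, $key, 'users.ssn:43');
} catch (RuntimeException $e) {
    echo 'row 43: ', $e->getMessage(), "\n";
}
```

Because the key lives with the application, a database viewer or dump shows only base64 text, which is the shoulder-surfing case raised above; it does not protect against someone who also holds the application's key.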

