Re: Re: Encrypt database table

On Mon, Sep 22, 2008 at 12:09 PM, Philip Thompson <philthathril@xxxxxxxxx>wrote:

> On Sep 22, 2008, at 9:52 AM, Nathan Rixham wrote:
>
>  emil@xxxxxxxxxxxx wrote:
>>
>>> Hi,
>>> What methods do you guys use to keep a mysql table encrypted, or well
>>> at least a major part of it. Security is very important and I want to use a
>>> public and private key. Is GPG the only safe way? It's a hell of an overhead
>>> using GPG on every col, even a very short string is easily 1000 characters
>>> when encrypted in gpg.
>>> Best Regards Emil
>>>
>> Personally my initial instinct is store everything on a secure non public
>> facing database server and don't worry about encrypting the tables; if
>> somebody can get in to your server and into the database then things need
>> looked at higher up the access chain.
>>
>
> I understand what you're saying, but I don't completely agree with this.
> What happens when the DBA has a table of names and SSNs on screen and then
> gets up from his desk to run to the bathroom? In the fear that he may ruin
> his best slacks (err, jeans), he forgets to close the DB viewer or lock his
> desktop. Mr. ShouldntBeInHere walks by, sees the monitor of data and takes a
> picture with his new iPhone 3G and keeps walking. Well, now he just grabbed
> 50 names and SSNs. Uh oh!
>
> Now, I understand that Mr. DBA should be held responsible for not taking
> the necessary precautions to make sure that no one else got to his database.
> However, if the database had been encrypted, then maybe, just maybe those
> names wouldn't have been exploited. But, in an effort to make sure that he
> is taking all the necessary precautions, shouldn't he have encrypted his
> database as well?
>
>
>  If it's a staffing thing then that's what permissions are for; and if it's
>> for storing things like credit card details; just don't - the major payment
>> gateways will do this for you so all you need to store is the transaction
>> id's and auth codes.
>>
>> regards
>>
>> nathan
>>
>
> Also, there was this same question last Friday (I think) about encrypting
> DBs. Search the archives and/or ask a MySQL list.
>
> But to not be a complete jerk... I use AES.
>
> ~Philip
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
The issue here is why are the SSNs not encrypted ( and / or hashed for
searching ) and why does the DBA even need to see them?

-- 

Bastien

Cat, the other other white meat
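The pattern the thread converges on (Philip's "I use AES", Bastien's "encrypted and/or hashed for searching") as a worked example. This is added illustration code, not anything posted by the thread's participants; it assumes PHP 7.1 or later with the OpenSSL extension, and the SSN, keys and row are constructed in the script rather than read from a real table. It encrypts the column with AES-256-GCM (about 52 stored characters, against the ~1000 Emil sees from GPG) and stores a separate keyed hash so the application can still do an exact-match lookup, while a DBA or anyone reading the table directly sees only ciphertext and HMAC values.

```php
<?php
// Added example (not from the thread): application-level encryption of one
// sensitive column plus a keyed "blind index" column for equality search.
// Assumes PHP >= 7.1 with ext-openssl. Keys are generated here only for the
// demo; in a real deployment they live outside the database (config/KMS) so a
// dump of the table, or a DBA's SELECT, yields nothing readable.
declare(strict_types=1);

const CIPHER = 'aes-256-gcm';
const IV_LEN  = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

$encKey   = random_bytes(32);   // AES-256 key for the ciphertext column
$indexKey = random_bytes(32);   // independent HMAC key for the search column

// Encrypt a field value; returns base64(nonce || tag || ciphertext) so the
// whole thing fits in a single VARCHAR column.
function encryptField(string $plain, string $key): string {
    $iv  = random_bytes(IV_LEN);   // fresh nonce per row: never reuse with one key
    $tag = '';
    $ct  = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Reverse of encryptField; GCM verifies the tag, so a tampered or truncated
// value fails closed instead of decrypting to garbage.
function decryptField(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('malformed stored value');
    }
    $iv    = substr($raw, 0, IV_LEN);
    $tag   = substr($raw, IV_LEN, TAG_LEN);
    $ct    = substr($raw, IV_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('decryption or authentication failed');
    }
    return $plain;
}

// Blind index: HMAC over the normalised value. The application can run
// "WHERE ssn_idx = ?" without decrypting the table, and because the hash is
// keyed, someone holding only the table cannot enumerate the small SSN space
// the way they could against a plain SHA-256 of the number.
function blindIndex(string $plain, string $key): string {
    $digitsOnly = preg_replace('/\D/', '', $plain) ?? '';  // "123-45-6789" == "123456789"
    return hash_hmac('sha256', $digitsOnly, $key);
}

// --- demo with a constructed SSN and an in-memory "row" ---
$ssn = '123-45-6789';
$row = [
    'ssn_enc' => encryptField($ssn, $encKey),   // what goes in the encrypted column
    'ssn_idx' => blindIndex($ssn, $indexKey),   // what goes in the searchable column
];
// e.g. INSERT INTO people (name, ssn_enc, ssn_idx) VALUES (?, ?, ?)
printf("stored ciphertext: %d characters\n", strlen($row['ssn_enc']));

// Lookup path: hash the query value, match on the index, decrypt only the hit.
$needle = blindIndex('123456789', $indexKey);
if (hash_equals($row['ssn_idx'], $needle)) {
    echo "match; decrypted value: ", decryptField($row['ssn_enc'], $encKey), "\n";
}

// Tamper check: flipping a byte of the stored value must be rejected.
$corrupt = base64_decode($row['ssn_enc'], true);
$corrupt[strlen($corrupt) - 1] = chr(ord($corrupt[strlen($corrupt) - 1]) ^ 0x01);
try {
    decryptField(base64_encode($corrupt), $encKey);
    echo "ERROR: tampered value decrypted\n";
} catch (RuntimeException $e) {
    echo "tampered value rejected: ", $e->getMessage(), "\n";
}
```

Two design choices worth noting. The search column uses a keyed HMAC rather than a bare hash because the SSN space is only about a billion values, small enough to enumerate offline against an unkeyed digest; the key turns that into a problem of obtaining the key, not of computing hashes. And the two keys are deliberately separate, so a component that only needs to look rows up can be given the index key without the ability to decrypt, which is the "why does the DBA even need to see them" question answered in code.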
