Re: Searchable/Sortable Encrypted Fields in MySQL?

Wed, 13 Jul 2005 02:03:03 -0700 

Hello.





Where are you going to store the key? You could use subqueries for

manipulations with encrypted data. Here is the example, however,

you should turn of binary logging, because insert statements are being

stored with key.



create table pwd(id int auto_increment, pass char(100), primary

key(id));

insert into pwd set pass=aes_encrypt('coolpass1','123');

insert into pwd set pass=aes_encrypt('anothercoolpass2','123');



mysql> select pass from (select aes_decrypt(pass,'123') as pass from

pwd) as unencrypted order by pass asc;

+------------------+

| pass             |

+------------------+

| anothercoolpass2 |

| coolpass1        |

+------------------+









mos <[EMAIL PROTECTED]> wrote:

> At 04:16 PM 7/12/2005, Matt McNeil wrote:

>>I need to securely store lots of sensitive contact information and

>>

>>notes in a (MySQL or other freely available) database that will be

>>

>>stored on a database server which I do not have direct access to.

>>

>>This database will be accessed by a PHP application that I am

>>

>>developing.  However, I also need to be able to search/sort these data

>>

>>with the database functions (SELECT, ORDER BY, etc) so simple PASSWORD

>>

>>style encryption

>>

>>of specific fields would not work.  (For example, I need to encrypt

>>

>>contacts' names, but need to be able to sort results by name). (I

>>

>>realize I could load the entire table into memory with PHP and

>>

>>process/search/sort it there, but

>>

>>that's obviously not a very good solution).  Ideally I would like to

>>

>>encrypt entire tables.  An encrypted file system is not really an

>>

>>option, because the goal is to prevent loss if the database server is

>>

>>hacked (in addition, I wouldn't be able to install an encrypted file

>>

>>system on the database server).

>>

>>

>>

>>Any suggestions?

> 

> Matt,

> 

>        Transparent encryption is not possible with MySQL. I've pondered 

> this problem myself and haven't found a solution other than using a 

> different database.

> 

> Mike 

> 

> 



-- 
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.NET http://www.ensita.net/
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /    Gleb Paharenko
 / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.NET
       <___/   www.mysql.com




-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]

Reply via email to