At 01:47 PM 10/26/2007, you wrote:
On 10/26/07, Baron Schwartz <[EMAIL PROTECTED]> wrote:
>
> [EMAIL PROTECTED] wrote:
> > mos wrote:
> >>
> >> The data is quite valuable because there is a lot of competition in
> >> this particular marketplace and my competitors would like to get their
> >> hands on it. I've spent 5 years writing the software and generating
> >> the data. Let's say for the sake of argument the data is worth $1
> >> million. How do I stop my competitor from bribing some flunky at the
> >> ISP into turning over the backup of my data or just e-mailing the
> >> MySQL password file to him? Also I don't want anyone at the ISP
> >> viewing the data or changing it because I'd be liable for any data
> >> errors.
> >
> > Host the machines in-house. I think that could be done for less than a
> > million bucks for a smallish setup.
> >
> > Of course, I've only ever been a bystander with that sort of project, so
> > the figures may be a lot higher than I'm guessing. For instance, you'd
> > want a beefy connection installed, of course. And then there's the
> > salary for someone to administer to everything.
>
> I agree. If you're using shared hosting, forget about encryption.
> Physical access to the machines ALWAYS trumps every other kind of
> security, so you can't do what you're trying to do (secure data in an
> insecure environment). Rent a T1 line for $500/mo and charge customers
> what the data is worth.
>
> Baron
I also agree, however for the sake of argument could we assume that the
order of the wording in the entry probably imparts a significant amount of
it's value? If that is the case, I would think creating a second column of
unencrypted text (with a full text index) which would be nothing more than
copy of the the text with the words in a random order might provide a bit of
the protection that the user is looking for.
Good point. I hadn't thought of that. :)
I also need to protect a couple dozen Float fields and thought I could
obscure them a bit by adding an offset to them based on an encrypted id
stored with each row. It is not going to be as good as encryption but will
help to obfuscate the data.
Mike
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
