Hi!

On Nov 26, Curley, Thomas wrote:
> thanks for reply - the requirement comes from a security audit - so
> try to think in terms of a hacker
>
> Obviously and (I had assumed)
> 1. - the files would have tight unix security file permissions
>      applied
> 2. - indeed the key would be stored on an internal tightly managed
>      box (or device)
>
> Another Assumption
> ------------------
> Encrypting / decrypting all data on the fly would be too expensive and
> grind the app to a halt
>
> So the question again :-
>
> Any ideas on how to avoid having data files stored with absolutely no
> protection against copying ????

Just as you said above - "tight unix security file permissions".
That is - database files should be readable ONLY by the dedicated
"mysql" user. Thus if somebody breaks in he will need to be root to copy
these files. And if he can get root - no encryption will help, he can
get the key straight from the mysqld memory image (via /proc/*/mem) or
patch the server (again via /proc/*/mem) to decrypt all the data for
him, or hijack your connections to the server and record all the traffic
or anything. If somebody got root - you lost. Until he did - unix
permissions will help.

> If there is no solution to this then MySql should not be used on
> internet accessible boxes for dynamic web sites

See above. Web server should be on this "internet accessible box",
shouldn't it? And it (or a CGI program) should be able to talk to
mysqld (which resides on a dedicated secure box), and it should know the
password. So if somebody can get into the box with httpd - he'll be able
to access mysqld too.

Regards,
Sergei

--
Sergei Golubchik <[EMAIL PROTECTED]>
MySQL AB, Senior Software Developer
Osnabrueck, Germany
www.mysql.com
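
The permission rule from the reply above (data files readable ONLY by the dedicated "mysql" user), as an added example that is not part of the original message: a Python audit that lists anything under a data directory with the wrong owner or with any group/other access. The `audit_datadir` helper, the sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_datadir(datadir, owner_uid):
    """Return sorted (relative_path, problem) pairs for every directory and
    file under datadir that is not owned by owner_uid or that grants any
    permission bit to group or other."""
    findings = []
    for root, _dirs, files in os.walk(datadir):
        for path in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink are not enforced
            rel = os.path.relpath(path, datadir)
            if st.st_uid != owner_uid:
                findings.append((rel, "owner uid %d" % st.st_uid))
            loose = stat.S_IMODE(st.st_mode) & 0o077
            if loose:
                findings.append((rel, "group/other bits %03o" % loose))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it as the current user.
    On a real server the expected owner would be looked up with
    pwd.getpwnam("mysql").pw_uid (account name assumed from the message)."""
    with tempfile.TemporaryDirectory() as datadir:
        db = os.path.join(datadir, "shop")
        os.mkdir(db)
        os.chmod(db, 0o700)
        samples = [("orders.MYD", 0o600),     # correct: owner only
                   ("orders.MYI", 0o640),     # group can read
                   ("customers.MYD", 0o644)]  # anyone can read
        for name, mode in samples:
            path = os.path.join(db, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_datadir(datadir, os.getuid())


if __name__ == "__main__":
    for rel, problem in demo():
        print(rel, problem)
```

An empty result means every entry is owned by the expected account and closed to group and other, which is the state the reply describes as forcing an intruder to obtain root before the files can be copied.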