01-13-2008, 12:56 PM
#1
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
mysql encryption & security
Hello!
I am studying different options in order to encrypt MySQL fields. I am wondering, since even AES encrypting uses a pass string, what is the advantage of encryption, because once a database is compromised, the hacker will probably also have access to the pass string as well?
Thanks,
Murdock1979
Last edited by Murdock1979; 01-13-2008 at 02:49 PM.

01-15-2008, 05:08 PM
#2
Member
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419
You should perform the encryption in your application and store the encrypted data in the database. The encryption key and the plaintext version of the data will be stored in the replication logs, and might even end up in the error logs.

01-15-2008, 05:30 PM
#3
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Original Poster
Thank you!
You do bring up a critical point, which I did not realize: that MySQL logs its modifications. If this is so, then this makes my point even stronger - what is the advantage of encryption, if the entire SQL command is logged?
If the application is running on a separate server, I'd assume that the MySQL logs are stored on the MySQL server and not the application server, thus further defeating the encryption.
Thanks,
Murdock

01-16-2008, 07:38 AM
#4
Member
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419
Quote:
what is the advantage of encryption, if the entire sql command is logged?
A fair question, and one I can't answer. MySQL can do math, too, although the MySQL developers themselves will tell you that you shouldn't use it for a calculator.
If the application is on another server, that is all the more reason to have the application take care of encrypting it, lest the data be passed unencrypted over the link between the app server and the database server.
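
To illustrate the point made in replies #2 and #4, the following added example (not part of any post in this thread) contrasts the statement text MySQL receives when `AES_ENCRYPT()` runs inside the query with the text it receives when the application encrypts the field first. The table and column names, the sample values and the randomly generated key are assumptions made for the example.

```javascript
// Added example: what the database server sees under each approach.
const crypto = require('crypto');

// Assumption: the key stays on the application server (environment, key file).
// A random key is generated here only so the example runs stand-alone.
const KEY = crypto.randomBytes(32);

// Application-side AES-256-GCM; returns nonce (12) || tag (16) || ciphertext.
function encryptField(plaintext, key) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Reverses encryptField; throws if the stored blob was modified.
function decryptField(blob, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Statement text when MySQL encrypts: value and pass string are both in it.
// (Rendered as a string only to show what a statement log would record;
// real application code binds parameters instead of interpolating.)
function serverSideStatement(plaintext, passString) {
  return `INSERT INTO customers (ssn) VALUES (AES_ENCRYPT('${plaintext}', '${passString}'))`;
}

// Statement text when the application encrypts first: only a hex blob.
function appSideStatement(plaintext, key) {
  return `INSERT INTO customers (ssn) VALUES (x'${encryptField(plaintext, key).toString('hex')}')`;
}

// Constructed sample values.
const sample = '123-45-6789';
console.log(serverSideStatement(sample, 'constructed-pass-string'));
console.log(appSideStatement(sample, KEY));
console.log(decryptField(encryptField(sample, KEY), KEY));
```

With the second form, anything on the database side that records the statement, and the link between the two servers, carries only the nonce, tag and ciphertext; the key never leaves the application host.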

01-18-2008, 11:12 AM
#5
Member
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
How about encrypting the whole drive or drive slice where the SQL data resides? This, along with an encrypted communication channel (SSL or VPN), may provide some alternatives/workarounds for you.

All times are GMT -5.