March 10th, 2003, 09:09 PM
Here's my project, and I thought I'd throw it out to you guys since you've been lots of help before.
I have a MySQL database, or rather the company I work for has, and they deal with a lot of customer account info: S.S.N., C.C. number, addresses, names, phones, etc.
Now there is a new bill effective in California on July 1 of this year, pretty much holding you liable for all the information that you have in your databases or whatever. The loophole in this law is that if the data is encrypted then you're exempt to a certain degree. It's called something like the information security act or something.
Anyway, I have a MySQL database with probably 100 or so active accounts, and the box itself is extremely secure, well, for a SCO box at least. But the client has this proprietary telnet client which it uses and they will not change for anything, so I need a way to encrypt the database on the Unix end, but when they log on through their XP, NT, 2000, 98 workstations I want it to be decrypted without them even knowing or having to do anything different.
Some things I was thinking about, but am not sure how to go about, were to implement perhaps SSL or PGP and just put the keys in a public directory so that whoever authenticates has access to the info. Any ideas, let me know. Thanks.
March 10th, 2003, 10:21 PM
ssh to tunnel the data?
ssh would only mean that the data is only encrypted from the point that it leaves the db to the point that they hit the public access point to the database. Which I guess, as long as you are confident about your SCO system's security, might be good enough.
Might your client be up to installing a small Unix system at their office, and tunnel all their traffic from their in-house Unix system to the SCO system itself?... which would mean their data is only passed cleartext inside their building... this of course is assuming that your SCO server is in a different building than the client's and using the public internet to communicate... You would only need to have 1 account on their tunnel end to create and maintain the tunnel, and ssh their telnet connections to the SCO system... the only adaptation they would need to make is they would need to change the host IP address from your SCO system to the in-house ssh tunnel system.
I think I confused myself there at the end, hope it makes sense to you.
March 10th, 2003, 10:38 PM
You will find it difficult to encrypt server data on disc in a useful way if you want the server to be able to boot unattended.
Essentially as it must keep the key in memory to decrypt data on demand, if it is rebooted without planning, it will lose the key which must then be manually re-entered before the database can load.
Communications to MySQL can be encrypted with SSL - although it would be better from a performance perspective to have a trusted network between your app server and database server.
If the users are using a telnet client, communications will always be unencrypted. You could try one-time passwords or SecurID, but this will not stop data being stolen on the wire or TCP hijacking attacks.
March 10th, 2003, 10:41 PM
I see what you're saying, g00n; however, maybe I should explain a little better.
The telnet data running clear text is not an issue (well, to my client; to me it's a BIG problem). The information security act says nothing about the security of accessing the data, a.k.a. telnet, ssh, ftp, whatever. But it does say that if the actual database itself is encrypted then you are pretty much exempt from being held liable (to a certain extent).
So what I'm trying to do is have the MySQL database encrypted, and when the user logs on then the database is no longer encrypted. They have to be able to use their telnet app to log on no matter what. Short of porting their client over to ssh, which I have way too many things on my plate for as it is, ssh would not work, because it's just encrypting the data stream and not the actual database.
Let me give you an example.
A user logs in over ssh; h4x0r has a sniffer on the network, sees all the encrypted database and realizes that this is not worth the effort. So then he gets the unique idea *rolls eyes* to do an elite brute force password attempt or does a little social engineering. The end result: he gets a username and a password, logs on and can view the database and steals all the info. When our client gets sued we can show that we encrypted the database and we had sufficient security that is in compliance with the bill, and bingo, we're not held liable.
Thanks for your input, however; it may be getting me thinking.
March 10th, 2003, 11:16 PM
MySQL has built-in functions to deal with this; have a look at http://www.mysql.com/doc/en/Miscella...functions.html
It has examples of how to use the functions listed.
Hope that helps.
I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
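An added example (not from the thread or the linked manual page) of column-level encryption with MySQL's built-in AES_ENCRYPT()/AES_DECRYPT() functions, with the key held only in the session after login rather than stored on the server, so the unattended-reboot limitation raised earlier in the thread still applies. The table, columns, sample row and demo key are constructed; `block_encryption_mode` and `RANDOM_BYTES()` assume MySQL 5.6.17 or later.

```sql
-- Constructed schema: sensitive columns hold ciphertext, so they are binary.
CREATE TABLE customer_account (
    id       INT UNSIGNED  NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name     VARCHAR(100)  NOT NULL,
    ssn_iv   BINARY(16)    NOT NULL,   -- per-value IV, not secret
    ssn_enc  VARBINARY(32) NOT NULL,   -- AES ciphertext of the SSN
    card_iv  BINARY(16)    NOT NULL,
    card_enc VARBINARY(48) NOT NULL    -- AES ciphertext of the card number
);

-- Use CBC with an IV; the default mode is aes-128-ecb, which encrypts
-- identical plaintext blocks to identical ciphertext blocks.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Constructed demo key. In real use the application supplies the key after
-- the user authenticates; it must not live in the database or on its disk.
-- Note that a key passed inside a statement can end up in query logs.
SET @k = UNHEX(SHA2('constructed demo passphrase', 256));

-- Fresh random IV for every encrypted value.
SET @iv1 = RANDOM_BYTES(16);
SET @iv2 = RANDOM_BYTES(16);

INSERT INTO customer_account (name, ssn_iv, ssn_enc, card_iv, card_enc)
VALUES ('Constructed Customer',
        @iv1, AES_ENCRYPT('000-00-0000', @k, @iv1),
        @iv2, AES_ENCRYPT('4111111111111111', @k, @iv2));

-- A session that holds the key gets plaintext back.
SELECT name,
       CAST(AES_DECRYPT(ssn_enc,  @k, ssn_iv)  AS CHAR) AS ssn,
       CAST(AES_DECRYPT(card_enc, @k, card_iv) AS CHAR) AS card
FROM customer_account;

-- Anyone reading the table, the data files or a backup without the key
-- sees only opaque bytes.
SELECT name, HEX(ssn_enc) AS ssn_ciphertext, HEX(card_enc) AS card_ciphertext
FROM customer_account;
```

This protects the stored data and backups only: as described in the thread, a user who logs on with valid credentials, and so obtains the key, still reads the plaintext.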
March 10th, 2003, 11:57 PM
Personally, with SSNs and such at stake I'd do both... flat out tell them that I personally will not work on the project unless they are willing to adapt and allow for encrypted data and encrypted streams...
but that might just be me, others might not care... which from what I've read is the stance your company has... that as long as they can't be held responsible they don't care what goes on.