Database Encryption
Results 1 to 4 of 4

Thread: Database Encryption

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Database Encryption

    Hey guys, I run www.pureescape.net and I was just wanting to know if any of you are experienced with securing databases. I use Mysql, and I've got the user accounts secured, but, there is an ache in my stomach when I consider that lots of data in the database is plain text. Not just my data, but the data of others.

    My setup is secure, I'm just trying to prepare for worst case scenarios (network/physical attacks on the system)

    I usually use PHP for my web applications. What I'd like to know, is how can I implement encryption/decryption on the fly? So that data is encrypted before entering the database, and is decrypted after the sql query (before it's presented in clear text again to the user).

    Any info (links, turorial, code) on these techniques would be great. Also, the site ( www.pureescape.net ) is always interested in getting new members for it's discussion forums. Stop by, you'll probably meet someone you know from AO. Peace!


    Thanks in response for help.
    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  2. #2
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    PuRe, as long as you configured MySQL with SSL you should be able make use of the AES and other encryption functions.

    http://www.mysql.com/doc/en/Encryption_functions.html

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Thanks for the link, it was useful. I'm wondering how much performance overhead is gonna be created by encrypting and decrypting everything.


    --PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Encrypt only partial fields of databse that way you can save on the performance overload....

    Other thing is proper database designing... Like what SAP follows ti sotres data in over 2500 tables... Hence even if you get an access to one of the databses you cannot make any sense out of the data residing in that database
    ****** Any man who knows all the answers most likely misunderstood the questions *****

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •