tags:

views:

2719

answers:

8
+1  Q: 

MySQL and data file encryption

Hi,

Is there a way to encrypt the data file that mysql uses? I have a mysql server on an open machine, and I would like to encrypt the data file so even if someone copies the data files, they cannot read the data.

Thanks

A: 

you could encrypt the data within mysql using the built in encryption functionality.

as for the files, any file solution should work fine.

J.J.  2008-09-27 15:00:54
A: 

You can use an encrypted filesystem, like the native one for NTFS on Windows or one of the various options for linux. In addition you can store the data encrypted.

Vinko Vrsalovic  2008-09-27 15:30:40
+3  A: 

MySQL doesn't support data file encryption natively. There are 3rd products out there such as:

http://www.vormetric.com/products/vormetric_database_encryption_expert.html

There's a 'white paper' on the topic here:

http://www.vormetric.com/documents/FINALPart2DatabaseEncryptionCoreGuardvsColumnLevelWhitePaper7.pdf

To be honest, if the database content has any commercial value or contains personal data about individuals, you should really control who has access to the datafiles (whether encrypted or not). In the UK, leaving such data files open to casual passers-by, would be a data protection no no.

Kev  2008-09-27 15:31:35
Not just in the UK, that's a universal no-no and probably beyond.
Kris  2009-10-12 00:29:12
A: 

Thanks for the replies. I really can't store the data encrypted, since I would loose the ability of querying the data correctly.

Miguel Ping  2008-09-27 16:44:32
+1  A: 

I am not sure what do you mean when you say that your machine is open. If people have access to the console, or to your account it is much harder of a task to encrypt the file.

Did you look at Truecrypt? It works for most popular operating systems and allows to create a virtual encrypted partition, lock down a hard drive partition,an external drive or a usb device.

dimus  2008-09-28 21:36:57
A: 

Thank you all for your replies. When I say the machine is open, I mean anyone has "admin" access (it's a windows box). I think I'll have a look at TrueCrypt. I don't want to use a hosting service because of the additional cost.

Miguel Ping  2008-09-30 09:19:48
A: 

By the way, I found a simple answer: since I'm on windows, I can use NTFS encryption for a mysql windows user, and then use that user to start the mysql service.

Miguel Ping  2008-10-19 12:21:16
+2  A: 

To anyone researching a transparent MySQL encryption solution for Linux, there's a relatively new product on the block that we've been working with: http://www.critotech.com/

I am not affiliated with Critotech... just a happy customer.

Trae  2009-10-12 00:10:43

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL