Re: can I just encrypt tables? what about the app?
- Date: Mon, 29 Feb 2016 14:30:25 -0500
- From: "shawn l.green" <shawn.l.green@xxxxxxxxxx>
- Subject: Re: can I just encrypt tables? what about the app?
On 2/29/2016 2:16 PM, Reindl Harald wrote:
Am 29.02.2016 um 20:07 schrieb Jesper Wisborg Krogh:
On 1/03/2016 00:31, lejeczek wrote:
a novice type of question - having a php + mysql, can one just encrypt
(internally in mysql) tables and php will be fine?
If not, would it be easy to re-code php to work with this new,
Starting with MysQL 5.7.11, there is transparent data encryption (TDE)
for InnoDB tables. If you use that, it is as the name suggest
transparent for PHP. See also:
i still don't grok a usecase for such encryption because when a
webserver got compromised you have the same access as before, just
solwer with more overhead in general
what is the purpose of encryption on that layer?
Some process requirements state that some data should never be stored on
disk in plain text. This is one way to meet those requirements.
Some data has been compromised not by cracking the primary database but
by breaking into a server containing backups of the data. This new
feature allows file-level backups (like those generated by MySQL
Enterprise Backup) to be secure.
What that feature achieves is that the data will be encrypted at rest,
not just in flight (using SSL).
Clearly, this does not defeat an attacker who is able to compromise or
become an authenticated client who is normally allowed to read that
data. To fix that problem, you must employ application-level encryption
which encodes the data actually stored on the table. Clearly this last
type of encryption breaks the database server's ability to index the
data as the server would have no key to decrypt the content of the
fields to build any normal (clear-content) indexes on it. It would only
be able to index the encrypted (opaque) data. The clients would need to
code their queries with WHERE clauses looking for the exact encrypted
values they wanted to find.
MySQL Senior Principal Technical Support Engineer
Oracle USA, Inc. - Integrated Cloud Applications & Platform Services
Office: Blountville, TN
Become certified in MySQL! Visit https://www.mysql.com/certification/
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql