Re: can I just encrypt tables? what about the app?

On 29/02/2016 19:50, Reindl Harald wrote:

> cryptsetup/luks can achieve that way better

Only to a degree. Once the disk is unencrypted, you've got access to the filesystem. If you've got physical access to the machine, then anything which gives you console access gives you (potentially) access to the underlying database files. If you can get those, it's trivial to get access to the dataset that they contain.

However, if TDE is employed, then you've got another significant obstacle to overcome: The data is only encrypted (aiui) once it's in memory. At this point, you're needing to do attacks on RAM to get access to the data - and even then, you're unlikely to get 3 bars for a jackpot payout of the whole database schema, assuming a decent-sized database.



