Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Best Practices for MySQL Encryption?

I'm looking for guidance on encrypting fields (and/or tables if possible) for MySQL. I will settle for a decent tutorial but I'd really like specific tips on managing the transition from an unencrypted schema to one utilizing encrypted fields. Thanks!

like image 416
Joseph Weissman Avatar asked Aug 02 '10 18:08

Joseph Weissman


2 Answers

Along with AES_ENCRYPT for the fields, if you are storing sensitive information, better enable SSL over the wire too. Also consider network separation (vlan) of the sensitive database machines and other standard security practices. Key storage is important (where is that shared aes key hanging out, surely not on the webserver(s)!) and consider the impact on indexes/queries since searching or joining table data will not be as simple as it once was.

like image 105
Eric B Avatar answered Sep 25 '22 00:09

Eric B


There are (at least) two approaches actually. You can encrypt data stored in your tables (using EAS/DES functions for example http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html)

Or you can use encrypted hard disk partition to store your data folders (for example with TrueCrypt)

like image 24
Mchl Avatar answered Sep 25 '22 00:09

Mchl