Best Practices for MySQL Encryption?

Question

I'm looking for guidance on encrypting fields (and/or tables if possible) for MySQL. I will settle for a decent tutorial but I'd really like specific tips on managing the transition from an unencrypted schema to one utilizing encrypted fields. Thanks!

Answer 1

Along with AES_ENCRYPT for the fields, if you are storing sensitive information, better enable SSL over the wire too. Also consider network separation (vlan) of the sensitive database machines and other standard security practices. Key storage is important (where is that shared aes key hanging out, surely not on the webserver(s)!) and consider the impact on indexes/queries since searching or joining table data will not be as simple as it once was.

Answer 2

There are (at least) two approaches actually. You can encrypt data stored in your tables (using EAS/DES functions for example http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html)

Or you can use encrypted hard disk partition to store your data folders (for example with TrueCrypt)