how do i encrypt the .frm file with a password
David Crane
database will be distributed and I need to prevent users from being able to
simply copy the files and being able to have complete access to it. I want
to do this: "Encrypt the `.frm' file with a password. This option doesn't do
anything in the standard MySQL version. "
(http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I have recompiled
mysql to enable 64 indexes on a table. So, recompiling it is not a problem.
Do I need a custom version or MaxDB?
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=myo...@freebsd.csie.nctu.edu.tw
Kevin Cowley
I suggest you need to go back to first principles on Unix security,
applications, and Mysql users.
Firstly and Mysql user is not necessarily a Unix user and vica-versa.
The simplest way to prevent anyone being able to access a file in Unix is
simply to remove the relevant permissions from the file.
If you have Mysql running under the user mysql and you set the permissions
as 700 (rwx --- ---) on the database directories and files then only the
mysql user, which the mysqld deamon runs as has permission to access them.
If it's simply a case of protecting tables then you just need to grant the
appropriate permissions to that Mysql user. Removing update privilege means
they can't change anything, removing delete privilege means they can't
remove anything, removing insert privilege means they can't add anything,
and removing select privilege means they can't access the table.
Kevin Cowley
R&D
Tel: 0118 902 9099 (direct line)
Email: kevin....@alchemetrics.co.uk
Web: http://www.alchemetrics.co.uk
http://lists.mysql.com/mysql?unsub=kevin....@alchemetrics.co.uk
**************************************************************************************
ALCHEMETRICS LIMITED (ALCHEMETRICS)
Mulberry Park, Fishponds Road, Wokingham, Berkshire, RG41 2GX
Tel: +44 (0) 118 902 9000 Fax: +44 (0) 118 902 9001
This e-mail is confidential and is intended for the use of the addressee only.
If you are not the intended recipient, you are hereby notified that you must
not use, copy, disclose, otherwise disseminate or take any action based on
this e-mail or any information herein.
If you receive this transmission in error, please notify the sender
immediately by reply e-mail or by using the contact details above and then
delete this e-mail.
Please note that e-mail may be susceptible to data corruption, interception
and unauthorised amendment. Alchemetrics does not accept any liability for
any such corruption, interception, amendment or the consequences thereof.
**************************************************************************************
Paul DuBois
>I need to provide some security to a database that I am working on. This
>database will be distributed and I need to prevent users from being able to
>simply copy the files and being able to have complete access to it. I want
>to do this: "Encrypt the `.frm' file with a password. This option doesn't do
>anything in the standard MySQL version. "
As far as I know, this was done long ago for one specific customer and
is not generally implemented.
--
Paul DuBois, MySQL Documentation Team
Madison, Wisconsin, USA
MySQL AB, www.mysql.com
David Crane
""David Crane"" <cr...@icdd.com> wrote in message
news:2004051115450...@lists.mysql.com...
> I need to provide some security to a database that I am working on. This
> database will be distributed and I need to prevent users from being able
to
> simply copy the files and being able to have complete access to it. I want
> to do this: "Encrypt the `.frm' file with a password. This option doesn't
do
> anything in the standard MySQL version. "
>
> (http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I have recompiled
> mysql to enable 64 indexes on a table. So, recompiling it is not a
problem.
> Do I need a custom version or MaxDB?
>
>
--
Kevin Cowley
Doesn't 2000/2000 pro allow you to run a service as one user with similar
access restrictions but allow other users to connect to the service?
Kevin Cowley
R&D
Tel: 0118 902 9099 (direct line)
Email: kevin....@alchemetrics.co.uk
Web: http://www.alchemetrics.co.uk
-----Original Message-----
From: David Crane [mailto:cr...@icdd.com]
http://lists.mysql.com/mysql?unsub=kevin....@alchemetrics.co.uk
**************************************************************************************
ALCHEMETRICS LIMITED (ALCHEMETRICS)
Mulberry Park, Fishponds Road, Wokingham, Berkshire, RG41 2GX
Tel: +44 (0) 118 902 9000 Fax: +44 (0) 118 902 9001
This e-mail is confidential and is intended for the use of the addressee only.
If you are not the intended recipient, you are hereby notified that you must
not use, copy, disclose, otherwise disseminate or take any action based on
this e-mail or any information herein.
If you receive this transmission in error, please notify the sender
immediately by reply e-mail or by using the contact details above and then
delete this e-mail.
Please note that e-mail may be susceptible to data corruption, interception
and unauthorised amendment. Alchemetrics does not accept any liability for
any such corruption, interception, amendment or the consequences thereof.
**************************************************************************************
David Crane
If they are able to copy the files to another computer and set up mysql
themselves, they could get access to the entire database directly and export
any or all data. Configuring the service to run as a different user would
not prevent this. And, they would have access to the files as administrator.
As I see it, the passwords for users are only used by the service itself and
passwords are not applied to the files themselves. As for operating systems,
we are going to support Windows NT, 2000, & XP.
""David Crane"" <cr...@icdd.com> wrote in message
news:2004051115450...@lists.mysql.com...
> I need to provide some security to a database that I am working on. This
> database will be distributed and I need to prevent users from being able
to
> simply copy the files and being able to have complete access to it. I want
> to do this: "Encrypt the `.frm' file with a password. This option doesn't
do
> anything in the standard MySQL version. "
>
> (http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I have recompiled
> mysql to enable 64 indexes on a table. So, recompiling it is not a
problem.
> Do I need a custom version or MaxDB?
>
>
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=myo...@freebsd.csie.nctu.edu.tw
Dan Greene
data itself?
> -----Original Message-----
> From: David Crane [mailto:cr...@icdd.com]
> Sent: Tuesday, May 11, 2004 2:15 PM
> To: my...@lists.mysql.com
> Subject: Re: how do i encrypt the .frm file with a password
>=20
>=20
> Since this database will be distributed, our users will be=20
> administrators.
> If they are able to copy the files to another computer and=20
> set up mysql
> themselves, they could get access to the entire database=20
> directly and export
> any or all data. Configuring the service to run as a=20
> different user would
> not prevent this. And, they would have access to the files as=20
> administrator.
> As I see it, the passwords for users are only used by the=20
> service itself and
> passwords are not applied to the files themselves. As for=20
> operating systems,
> we are going to support Windows NT, 2000, & XP.
>=20
> ""David Crane"" <cr...@icdd.com> wrote in message
> news:2004051115450...@lists.mysql.com...
> > I need to provide some security to a database that I am=20
> working on. This
> > database will be distributed and I need to prevent users=20
> from being able
> to
> > simply copy the files and being able to have complete=20
> access to it. I want
> > to do this: "Encrypt the `.frm' file with a password. This=20
> option doesn't
> do
> > anything in the standard MySQL version. "
> >
> > (http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I=20
> have recompiled
> > mysql to enable 64 indexes on a table. So, recompiling it is not a
> problem.
> > Do I need a custom version or MaxDB?
> >
> >
>=20
>=20
>=20
> --=20
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: =20
> http://lists.mysql.com/mysql?unsub=3D...@chelseainteractive.com
>=20
>=20
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dmy...@freebsd.csie.nctu.edu.tw
Robert J Taylor
priying eyes of DBAs (supposedly) under HIPAA/Security.
Dan Greene wrote:
>if the data is the concern, not the data structure, why not encrypt the data itself?
>
>
>
>>-----Original Message-----
>>From: David Crane [mailto:cr...@icdd.com]
>>Sent: Tuesday, May 11, 2004 2:15 PM
>>To: my...@lists.mysql.com
>>Subject: Re: how do i encrypt the .frm file with a password
>>
>>
>>Since this database will be distributed, our users will be
>>administrators.
>>If they are able to copy the files to another computer and
>>set up mysql
>>themselves, they could get access to the entire database
>>directly and export
>>any or all data. Configuring the service to run as a
>>different user would
>>not prevent this. And, they would have access to the files as
>>administrator.
>>As I see it, the passwords for users are only used by the
>>service itself and
>>passwords are not applied to the files themselves. As for
>>operating systems,
>>we are going to support Windows NT, 2000, & XP.
>>
>>""David Crane"" <cr...@icdd.com> wrote in message
>>news:2004051115450...@lists.mysql.com...
>>
>>
>>>I need to provide some security to a database that I am
>>>
>>>
>>working on. This
>>
>>
>>>database will be distributed and I need to prevent users
>>>
>>>
>>from being able
>>to
>>
>>
>>>simply copy the files and being able to have complete
>>>
>>>
>>access to it. I want
>>
>>
>>>to do this: "Encrypt the `.frm' file with a password. This
>>>
>>>
>>option doesn't
>>do
>>
>>
>>>anything in the standard MySQL version. "
>>>
>>>(http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I
>>>
>>>
>>have recompiled
>>
>>
>>>mysql to enable 64 indexes on a table. So, recompiling it is not a
>>>
>>>
>>problem.
>>
>>
>>>Do I need a custom version or MaxDB?
>>>
>>>
>>>
>>>
>>
>>--
>>MySQL General Mailing List
>>For list archives: http://lists.mysql.com/mysql
>>To unsubscribe:
>>http://lists.mysql.com/mysql?unsub=d...@chelseainteractive.com
>>
>>
>>
>>
>
>
>
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=myo...@freebsd.csie.nctu.edu.tw
David Crane
performance and our ability to compress it.
We are using access now and it is a 5 cd install. I was hoping I could get
away with password protecting the files to provide
some security.
""David Crane"" <cr...@icdd.com> wrote in message
news:2004051115450...@lists.mysql.com...
> I need to provide some security to a database that I am working on. This
> database will be distributed and I need to prevent users from being able
to
> simply copy the files and being able to have complete access to it. I want
> to do this: "Encrypt the `.frm' file with a password. This option doesn't
do
> anything in the standard MySQL version. "
>
> (http://dev.mysql.com/doc/mysql/en/CREATE_TABLE.html) I have recompiled
> mysql to enable 64 indexes on a table. So, recompiling it is not a
problem.
> Do I need a custom version or MaxDB?
>
>
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=myo...@freebsd.csie.nctu.edu.tw
Robert J Taylor
(Answer: It wouldn't)
Look at PGP/GPG encryption, as an example of private/public key
encryption. Feed the encryption program uncompressed data and get either
keyed or password protected data that is encrypted and compressed.
This isn't a MySQL issue, strictly speaking, but I hope this helps you
find an answer.
references:
http://www.pgp.com
http://gnupg.org
Robert J Taylor
rob...@rjamestaylor.com