
maria-developers team mailing list archive

Re: [Maria-discuss] MariaDB encryption

 

nice, check what i'm thinking about...
1)
i start mariadb without keys
i start my app
   here i must check that all tables are 'unlocked' and ready to use,
will we have a method for this? at mysql_connect i will check if keys
are loaded, maybe a SHOW STATUS like 'encryption_keys_loaded' = 1 or 0

2)
about external access to include encryption/key
maybe a SQL statement?
INSERT INTO mysql.encrypt_keys (key,value) value (1,"abcdefg.....")

just an idea about external key uploading
or an external server (no problem)





2014-06-20 9:51 GMT-03:00 Elmar Eperiesi-Beck <elmar@xxxxxxxxxxxxxxxx>:
> At startup the keys will be read once and kept in memory. Normally you are
> not going to encrypt 1000 tables, because you just encrypt the content that
> is confidential. But yes, each key has to be in the memory. Or you use an
> external encryption/key server that handles the encryption and the
> key-management outside the DB.
>
> We enhanced the concept, that it is possible to deliver the key manually at
> server startup. You can have it e.g. on a pendrive and start the server with
> the keys as a backup.
>
>
>
> On 17.06.2014 at 18:55, Roberto Spadim <roberto@xxxxxxxxxxxxx> wrote:
>
> humm, now i'm thinking as a data warehouse
> think about installing a server (server 1) in somewhere (maybe Sahara
> desert).... i connect the "server 1" to internet, and configure the server
> uri to point to my central server (server central), maybe at moon
>
> when the mysqld/mariadbd start, it will contact the central server and get
> all keys, or only get keys when i need? for example a server with 1000
> tables and 1000 different keys, they are all stored in memory at boot time,
> or only when i need read/write access to that table?
>
> if i remove the internet link, the "server 1" will not read tables, right?
> in this case, if i have the keyfile in a pendrive, or a cd or dvd, could i
> redirect it to a key file and start database, as a backup solution?
>
>
>



-- 
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle

