← Back to team overview

maria-discuss team mailing list archive

Re: MariaDB encryption

 

hi peter, from what i read at link:

The things we are initially focusing on are:


   - Adding column level encryption.
      - This will be done at the field level, invisible for the storage
      engine.
   - Block level encryption for certain storage engines.
      - Initially we will target InnoDB and XtraDB.


MariaDB will initially support storing the security keys on a remote file
systems, accessed only at startup, and later also support using a daemon
for key management.

The above will make your encrypted data in MariaDB secure for:


   - Database users that has user access to the database.
   - Anyone that would attempt to steal the hard disk with the database.
   -



2014-06-06 5:02 GMT-03:00 Peter Laursen <peter_laursen@xxxxxxxxxx>:

> How are clients (command line, GUI clients, phpMyAdmin, whatever) supposed
> to deal with encrypted data? Will the 'mysql' client, the C-API and other
> connectors be expanded with features to handle it?
>
> -- Peter Laursen
> -- Webyog
>
>
> On Fri, Jun 6, 2014 at 5:17 AM, Colin Charles <colin@xxxxxxxxxxx> wrote:
>
>> Hi Jonas,
>> (same Jonas we know from NDBCLUSTER? :-) Good to see you again)
>>
>> On 6 Jun 2014, at 02:31, Jonas Oreland <jonaso@xxxxxxxxxx> wrote:
>>
>> > Hi there,
>> >
>> > I read this blog post
>> >
>> http://monty-says.blogspot.com/2014/05/for-your-eyes-only-or-adding-better.html
>> > and wanted to inform you that we at Google has developed
>> on-disk/block-level encryption for Innodb, aria (as used by temporary
>> tables), binlogs and temp-files.
>> >
>> > The code is not yet published, but we expect it to be within a few
>> weeks or so.
>> > We (of course?) think that it would be better if you instead of
>> developing new code
>> > spent the time testing/reviewing ours.
>> >
>> > I'm happy to answer questions on the topic,
>> > and will let you know once we've published it.
>> >
>>
>> This is great news!
>>
>> From what I gather, from Monty's blog post (and a 1:1 we had some time
>> back), this is something done by a partner/external company that has a
>> mostly OSS solution, that we should integrate into 10.1
>>
>> That said, Google's release of something that works for InnoDB, Aria,
>> binlogs, temp files (and presumably not too hard to add for MyISAM) is
>> something we should definitely review and target for 10.1
>>
>> Is there more coming out in a few weeks, i.e. another big Google patch
>> planned? Or just this feature? I think it'd be great to coordinate, and get
>> this into Jira, as these are great tasks for 10.1 and will be a positive
>> differentiator going forward
>>
>> Thanks again for the wonderful news
>>
>> cheers,
>> -colin
>>
>> > /Jonas
>> >
>> > ps.
>> > Ian talked about this at percona,
>> >
>> https://www.percona.com/live/mysql-conference-2014/sessions/privacy-and-security-mysql-google-snowden-age
>> >
>> > _______________________________________________
>> > Mailing list: https://launchpad.net/~maria-discuss
>> > Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>> > Unsubscribe : https://launchpad.net/~maria-discuss
>> > More help   : https://help.launchpad.net/ListHelp
>>
>> --
>> Colin Charles, Chief Evangelist, SkySQL - The MariaDB Company
>> blog: http://bytebot.net/blog/| t: +6-012-204-3201 | Skype: colincharles
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~maria-discuss
>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~maria-discuss
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle

Follow ups

References