← Back to team overview

maria-discuss team mailing list archive

Re: MariaDB encryption

 

Shall I understand that what is communicated on the client/server interface
will be the same as ever - also for columns stored encrypted - or will the
client receive column values in encrypted form?

-- Peter


On Fri, Jun 6, 2014 at 3:24 PM, Roberto Spadim <roberto@xxxxxxxxxxxxx>
wrote:

> hi peter, from what i read at link:
>
> The things we are initially focusing on are:
>
>
>    - Adding column level encryption.
>       - This will be done at the field level, invisible for the storage
>       engine.
>    - Block level encryption for certain storage engines.
>       - Initially we will target InnoDB and XtraDB.
>
>
> MariaDB will initially support storing the security keys on a remote file
> systems, accessed only at startup, and later also support using a daemon
> for key management.
>
> The above will make your encrypted data in MariaDB secure for:
>
>
>    - Database users that has user access to the database.
>    - Anyone that would attempt to steal the hard disk with the database.
>    -
>
>
>
> 2014-06-06 5:02 GMT-03:00 Peter Laursen <peter_laursen@xxxxxxxxxx>:
>
> How are clients (command line, GUI clients, phpMyAdmin, whatever) supposed
>> to deal with encrypted data? Will the 'mysql' client, the C-API and other
>> connectors be expanded with features to handle it?
>>
>> -- Peter Laursen
>> -- Webyog
>>
>>
>> On Fri, Jun 6, 2014 at 5:17 AM, Colin Charles <colin@xxxxxxxxxxx> wrote:
>>
>>> Hi Jonas,
>>> (same Jonas we know from NDBCLUSTER? :-) Good to see you again)
>>>
>>> On 6 Jun 2014, at 02:31, Jonas Oreland <jonaso@xxxxxxxxxx> wrote:
>>>
>>> > Hi there,
>>> >
>>> > I read this blog post
>>> >
>>> http://monty-says.blogspot.com/2014/05/for-your-eyes-only-or-adding-better.html
>>> > and wanted to inform you that we at Google has developed
>>> on-disk/block-level encryption for Innodb, aria (as used by temporary
>>> tables), binlogs and temp-files.
>>> >
>>> > The code is not yet published, but we expect it to be within a few
>>> weeks or so.
>>> > We (of course?) think that it would be better if you instead of
>>> developing new code
>>> > spent the time testing/reviewing ours.
>>> >
>>> > I'm happy to answer questions on the topic,
>>> > and will let you know once we've published it.
>>> >
>>>
>>> This is great news!
>>>
>>> From what I gather, from Monty's blog post (and a 1:1 we had some time
>>> back), this is something done by a partner/external company that has a
>>> mostly OSS solution, that we should integrate into 10.1
>>>
>>> That said, Google's release of something that works for InnoDB, Aria,
>>> binlogs, temp files (and presumably not too hard to add for MyISAM) is
>>> something we should definitely review and target for 10.1
>>>
>>> Is there more coming out in a few weeks, i.e. another big Google patch
>>> planned? Or just this feature? I think it'd be great to coordinate, and get
>>> this into Jira, as these are great tasks for 10.1 and will be a positive
>>> differentiator going forward
>>>
>>> Thanks again for the wonderful news
>>>
>>> cheers,
>>> -colin
>>>
>>> > /Jonas
>>> >
>>> > ps.
>>> > Ian talked about this at percona,
>>> >
>>> https://www.percona.com/live/mysql-conference-2014/sessions/privacy-and-security-mysql-google-snowden-age
>>> >
>>> > _______________________________________________
>>> > Mailing list: https://launchpad.net/~maria-discuss
>>> > Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>>> > Unsubscribe : https://launchpad.net/~maria-discuss
>>> > More help   : https://help.launchpad.net/ListHelp
>>>
>>> --
>>> Colin Charles, Chief Evangelist, SkySQL - The MariaDB Company
>>> blog: http://bytebot.net/blog/| t: +6-012-204-3201 | Skype: colincharles
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~maria-discuss
>>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~maria-discuss
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~maria-discuss
>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~maria-discuss
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Roberto Spadim
> SPAEmpresarial
> Eng. Automação e Controle
>

Follow ups

References