← Back to team overview

maria-discuss team mailing list archive

Re: MariaDB encryption

 

humm, i think yes, but i'm not sure, i think the only client-server (tcp)
crypt is ssl or ssh tunel, the crypt used may help guys with stolen
harddisks


2014-06-06 11:37 GMT-03:00 Peter Laursen <peter_laursen@xxxxxxxxxx>:

> Shall I understand that what is communicated on the client/server
> interface will be the same as ever - also for columns stored encrypted - or
> will the client receive column values in encrypted form?
>
> -- Peter
>
>
> On Fri, Jun 6, 2014 at 3:24 PM, Roberto Spadim <roberto@xxxxxxxxxxxxx>
> wrote:
>
>> hi peter, from what i read at link:
>>
>> The things we are initially focusing on are:
>>
>>
>>    - Adding column level encryption.
>>       - This will be done at the field level, invisible for the storage
>>       engine.
>>    - Block level encryption for certain storage engines.
>>       - Initially we will target InnoDB and XtraDB.
>>
>>
>> MariaDB will initially support storing the security keys on a remote file
>> systems, accessed only at startup, and later also support using a daemon
>> for key management.
>>
>> The above will make your encrypted data in MariaDB secure for:
>>
>>
>>    - Database users that has user access to the database.
>>    - Anyone that would attempt to steal the hard disk with the database.
>>    -
>>
>>
>>
>> 2014-06-06 5:02 GMT-03:00 Peter Laursen <peter_laursen@xxxxxxxxxx>:
>>
>> How are clients (command line, GUI clients, phpMyAdmin, whatever)
>>> supposed to deal with encrypted data? Will the 'mysql' client, the C-API
>>> and other connectors be expanded with features to handle it?
>>>
>>> -- Peter Laursen
>>> -- Webyog
>>>
>>>
>>> On Fri, Jun 6, 2014 at 5:17 AM, Colin Charles <colin@xxxxxxxxxxx> wrote:
>>>
>>>> Hi Jonas,
>>>> (same Jonas we know from NDBCLUSTER? :-) Good to see you again)
>>>>
>>>> On 6 Jun 2014, at 02:31, Jonas Oreland <jonaso@xxxxxxxxxx> wrote:
>>>>
>>>> > Hi there,
>>>> >
>>>> > I read this blog post
>>>> >
>>>> http://monty-says.blogspot.com/2014/05/for-your-eyes-only-or-adding-better.html
>>>> > and wanted to inform you that we at Google has developed
>>>> on-disk/block-level encryption for Innodb, aria (as used by temporary
>>>> tables), binlogs and temp-files.
>>>> >
>>>> > The code is not yet published, but we expect it to be within a few
>>>> weeks or so.
>>>> > We (of course?) think that it would be better if you instead of
>>>> developing new code
>>>> > spent the time testing/reviewing ours.
>>>> >
>>>> > I'm happy to answer questions on the topic,
>>>> > and will let you know once we've published it.
>>>> >
>>>>
>>>> This is great news!
>>>>
>>>> From what I gather, from Monty's blog post (and a 1:1 we had some time
>>>> back), this is something done by a partner/external company that has a
>>>> mostly OSS solution, that we should integrate into 10.1
>>>>
>>>> That said, Google's release of something that works for InnoDB, Aria,
>>>> binlogs, temp files (and presumably not too hard to add for MyISAM) is
>>>> something we should definitely review and target for 10.1
>>>>
>>>> Is there more coming out in a few weeks, i.e. another big Google patch
>>>> planned? Or just this feature? I think it'd be great to coordinate, and get
>>>> this into Jira, as these are great tasks for 10.1 and will be a positive
>>>> differentiator going forward
>>>>
>>>> Thanks again for the wonderful news
>>>>
>>>> cheers,
>>>> -colin
>>>>
>>>> > /Jonas
>>>> >
>>>> > ps.
>>>> > Ian talked about this at percona,
>>>> >
>>>> https://www.percona.com/live/mysql-conference-2014/sessions/privacy-and-security-mysql-google-snowden-age
>>>> >
>>>> > _______________________________________________
>>>> > Mailing list: https://launchpad.net/~maria-discuss
>>>> > Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>>>> > Unsubscribe : https://launchpad.net/~maria-discuss
>>>> > More help   : https://help.launchpad.net/ListHelp
>>>>
>>>> --
>>>> Colin Charles, Chief Evangelist, SkySQL - The MariaDB Company
>>>> blog: http://bytebot.net/blog/| t: +6-012-204-3201 | Skype:
>>>> colincharles
>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~maria-discuss
>>>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~maria-discuss
>>>> More help   : https://help.launchpad.net/ListHelp
>>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~maria-discuss
>>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~maria-discuss
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Roberto Spadim
>> SPAEmpresarial
>> Eng. Automação e Controle
>>
>
>


-- 
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle

References