MySQL and data file encryption

StackOverflow https://stackoverflow.com/questions/143750

  •  02-07-2019
  •  | 
  •  

Question

Is there a way to encrypt the data file that mysql uses? I have a mysql server on an open machine, and I would like to encrypt the data file so even if someone copies the data files, they cannot read the data.

Thanks

Was it helpful?

Solution

I am not sure what do you mean when you say that your machine is open. If people have access to the console, or to your account it is much harder of a task to encrypt the file.

Did you look at Truecrypt? It works for most popular operating systems and allows to create a virtual encrypted partition, lock down a hard drive partition,an external drive or a usb device.

OTHER TIPS

To anyone researching a transparent MySQL encryption solution for Linux, there's a relatively new product on the block that we've been working with: http://www.gazzang.com/

I am not affiliated with Gazzang... just a happy customer.

MySQL doesn't support data file encryption natively. There are 3rd products out there such as:

http://www.vormetric.com/products/vormetric_database_encryption_expert.html

There's a 'white paper' on the topic here:

http://www.vormetric.com/documents/FINALPart2DatabaseEncryptionCoreGuardvsColumnLevelWhitePaper7.pdf

To be honest, if the database content has any commercial value or contains personal data about individuals, you should really control who has access to the datafiles (whether encrypted or not). In the UK, leaving such data files open to casual passers-by, would be a data protection no no.

You can use an encrypted filesystem, like the native one for NTFS on Windows or one of the various options for linux. In addition you can store the data encrypted.

If you are using windows EFS and starting MySQL as a service, you will need to do the following:

  • go to Services and find the MySQL service
  • stop the service
  • right-click -> properties -> LogON TAB
  • check "This account"
  • fill your windows account name eg. ".\username"
  • provide your password
  • start the service

The MySQL service should now start without errors.

To use the windows EFS encryption:

http://windows.microsoft.com/en-us/windows/encrypt-decrypt-folder-file#1TC=windows-7

Read more obout it:

http://www.petri.co.il/how_does_efs_work.htm#

!!! Don't forget to export the certificate !!!

you could encrypt the data within mysql using the built in encryption functionality.

as for the files, any file solution should work fine.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top