Splitting a mysql database for security

Question

I have used sql (mostly mysql) for years but not to a professional standard, so I'm looking for a shove in the right direction.

I am currently designing a web app that will collect user's names/addresses/emails etc in one set of tables, as well as other personal information in another set of tables. These would most naturally reside in one database, but I've been considering splitting the user contact information in one database on a separate server and all the other information into another database/server, the theory being that a hacker would have to break both systems to get anything very useful.

I've done searches off and on for a few weeks and haven't found this type of design discussed much so far. Is this generally done? Is it overkill? Is there a design method to approach it, or will I have to roll it all on my own?

I did find Is splitting databases a legitimate security measure? which I guess is saying that this approach is likely overkill.

Answer 1

I tend to think this is overkill.

Please check my answer on this question: Sharing users between 2 databases

Keep in mind to address separately database design and data access security issues. Data access security should not lead you to illogical choices in database design.

Answer 2

IMHO that seems to be wrong. By splitting data across 2 DB you will only increase complexity without reasonable security profits.

I think this is where data encryption can be used. Generate encryption key based on user credentials and encrypt/decrypt sensible data by user requests. Since private data must be shown only to that user, everything should be ok.

Answer 3

Here's an approach I used before:

Server1: DB Server2: SC

DB is in a network domain that is accessible by the public, but cannot access SC SC is in a network domain that is not accessible by the public, but can access SC

DB is where you stored all pertinent information, including the 'really important stuff'.

At a specified interval (I used 5 seconds) SC checks DB for any new records in any table it may want to monitor (there is a job or scheduled task) and encrypts the important information.

Although I was utilizing SQL Server 2005 and was able to work in two domains (a private(intern al) and public(for client access) and that what I just shared was a stripped down (removed as much MSSQL-exclusive parts), simplified version, with some effort I think it would be possible to recreate something similar in mysql, especially if you can host your two databases in separate, physical machines.

While many will also think this is overkill, this idea had been implemented. It costs more, and requires more work when it's data reporting time but the clients were pleased.