Shall I understand that what is communicated on the client/server interface will be the same as ever - also for columns stored encrypted - or will the client receive column values in encrypted form?-- PeterOn Fri, Jun 6, 2014 at 3:24 PM, Roberto Spadim <roberto@spadim.com.br> wrote:
hi peter, from what i read at link:The things we are initially focusing on are:
- Adding column level encryption.
- This will be done at the field level, invisible for the storage engine.
- Block level encryption for certain storage engines.
- Initially we will target InnoDB and XtraDB.
MariaDB will initially support storing the security keys on a remote file systems, accessed only at startup, and later also support using a daemon for key management.
The above will make your encrypted data in MariaDB secure for:
- Database users that has user access to the database.
- Anyone that would attempt to steal the hard disk with the database.
2014-06-06 5:02 GMT-03:00 Peter Laursen <peter_laursen@webyog.com>:
How are clients (command line, GUI clients, phpMyAdmin, whatever) supposed to deal with encrypted data? Will the 'mysql' client, the C-API and other connectors be expanded with features to handle it?-- Peter Laursen-- WebyogOn Fri, Jun 6, 2014 at 5:17 AM, Colin Charles <colin@mariadb.org> wrote:
Hi Jonas,
(same Jonas we know from NDBCLUSTER? :-) Good to see you again)
On 6 Jun 2014, at 02:31, Jonas Oreland <jonaso@google.com> wrote:
> Hi there,
>
> I read this blog post
> http://monty-says.blogspot.com/2014/05/for-your-eyes-only-or-adding-better.html
> and wanted to inform you that we at Google has developed on-disk/block-level encryption for Innodb, aria (as used by temporary tables), binlogs and temp-files.
>
> The code is not yet published, but we expect it to be within a few weeks or so.
> We (of course?) think that it would be better if you instead of developing new code
> spent the time testing/reviewing ours.
>
> I'm happy to answer questions on the topic,
> and will let you know once we've published it.
>
This is great news!
>From what I gather, from Monty's blog post (and a 1:1 we had some time back), this is something done by a partner/external company that has a mostly OSS solution, that we should integrate into 10.1
That said, Google's release of something that works for InnoDB, Aria, binlogs, temp files (and presumably not too hard to add for MyISAM) is something we should definitely review and target for 10.1
Is there more coming out in a few weeks, i.e. another big Google patch planned? Or just this feature? I think it'd be great to coordinate, and get this into Jira, as these are great tasks for 10.1 and will be a positive differentiator going forward
Thanks again for the wonderful news
cheers,
-colin
> /Jonas
>
> ps.
> Ian talked about this at percona,
> https://www.percona.com/live/mysql-conference-2014/sessions/privacy-and-security-mysql-google-snowden-age
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to : maria-discuss@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help : https://help.launchpad.net/ListHelp
--
Colin Charles, Chief Evangelist, SkySQL - The MariaDB Company
blog: http://bytebot.net/blog/| t: +6-012-204-3201 | Skype: colincharles
_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to : maria-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-discuss
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to : maria-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-discuss
More help : https://help.launchpad.net/ListHelp
--Roberto Spadim
SPAEmpresarialEng. Automação e Controle