BennieC Posted January 27, 2010 Share Posted January 27, 2010 Hi, I am using MySQL 5.1.39 & Delphi 2010 on Windows 7 and Windows XP. Can a DB be protected such that no-one has access to it, especially if the file is copied to another machine where the owner has administrator or root rights? Bennie Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/ Share on other sites More sharing options...
fenway Posted January 28, 2010 Share Posted January 28, 2010 You can't protect files across machines unless you encrypt the drive -- otherwise, ACL is your friend. Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1002795 Share on other sites More sharing options...
BennieC Posted January 29, 2010 Author Share Posted January 29, 2010 Hi, Excuse my ignorance, but what is ACL? How can data be distributed to many users, on their own computers, without the risk of it being accessible other than through the application. I believe Interbase has file protection on their files as had Paradox where you need a password to open the file. B Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003638 Share on other sites More sharing options...
Mchl Posted January 29, 2010 Share Posted January 29, 2010 You can always move this file to other computer and open it with binary editor. Whether you will be able to make anything of it (like writing a script that will read the contents) is quite another way. MySQL has possibility to create password protected user accounts. Each user can be assigned privileges for specific actions down to column level. You can also encrypt data stored http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003640 Share on other sites More sharing options...
BennieC Posted January 29, 2010 Author Share Posted January 29, 2010 Hi, Could I set up the tables such that a specific user can see some columns in such a way that not even root or any other authorized user has access? If the db is transported to another computer, no-one will be able to take these restrictions away? B Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003647 Share on other sites More sharing options...
oni-kun Posted January 29, 2010 Share Posted January 29, 2010 Could I set up the tables such that a specific user can see some columns in such a way that not even root or any other authorized user has access? You're not making much sense here. Permissions are set by the owner, you can't chmod some other machine's folders without you having owner access. chmod 000 file.db Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003663 Share on other sites More sharing options...
Mchl Posted January 29, 2010 Share Posted January 29, 2010 root has access to everything. Period. Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003669 Share on other sites More sharing options...
BennieC Posted January 29, 2010 Author Share Posted January 29, 2010 My problem is that root has access to everything. I would therefore not be able to distribute the data with only the app having access to it. Anyone could install MySQL, make himself a root user and dig into the data himself. Is this understanding correct. If it is do you by any chance know of a way to protect the data? Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003675 Share on other sites More sharing options...
Mchl Posted January 29, 2010 Share Posted January 29, 2010 As stated above, you can encrypt it. The offender would have to hack into your application code to find keys. Quote Link to comment https://forums.phpfreaks.com/topic/189979-mysql-security/#findComment-1003718 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.