[Owasp-leaders] DB encryption (here: MySQL)
Dirk Wetter
dirk.wetter at owasp.org
Tue Mar 19 09:53:15 UTC 2013
Hi Dennis.
On 03/12/2013 06:50 PM, Dennis Groves wrote:
> On 12 Mar 2013, at 17:43, Dirk Wetter wrote:
>
> There seems to be no such thing as a best practice guide.
>
> Funny, because I thought it was: encrypt in transit, and encrypt at rest…
>
> Any hints?
>
> Gazzang has been looking like the 'right way to go' from what I have been reading about:
> http://www.gazzang.com/products/zncrypt
Nope, that's not it. It's encryption on a file system layer. (Which is IMO not
needed for Linux as there are several more or less transparent mechanisms for encryption.
Key management could be important though...)
Speaking of it: Does anybody know a commercial solution for DB data encryption?
Best,
Dirk
>
> However, I have no experience with it - so I can not speak with any authority.
>
> Does anybody have any experience with this kind of strategy?
>
> dennis
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--
>
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me <mailto:dennis.groves at owasp.org> or schedule a meeting <http://goo.gl/8sPIy>.
>
> /This email is licensed under a CC BY-ND 3.0 <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license./
>
> *Please do not send me Microsoft Office/Apple iWork documents.*
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> Stand up for your freedom to install free software <http://www.fsf.org/campaigns/secure-boot/statement>.
>
> The idea that some lives matter less is the root of all that’s wrong with the world. -- Paul Farmer
>
--
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/ | @appseceu
skype://drwetter.de | tel:+49-40-2442035-1
More information about the OWASP-Leaders
mailing list