Simple Machines Community Forum

SMF Support => Server Performance and Configuration => Topic started by: hc777 on April 25, 2020, 05:34:36 AM

Title: Encrypted Mysql data
Post by: hc777 on April 25, 2020, 05:34:36 AM
Hi,

anyone find a way to encrypt data (not only passwords but all forum tables) in mysql?

Thanks,
best regards.
Title: Re: Encrypted Mysql data
Post by: Arantor on April 25, 2020, 05:36:41 AM
Why? Such things are possible but there are better ways to solve the problem. Which depends on the problem you actually have.
Title: Re: Encrypted Mysql data
Post by: hc777 on April 25, 2020, 05:45:26 AM
Well, I just want to know the way(if exists) to deploy a smf+mysql forum in a hosting preventing the staff from reading the data.

Thanks!
Title: Re: Encrypted Mysql data
Post by: Arantor on April 25, 2020, 05:49:57 AM
Which staff? Your forum staff or the hosting company staff?

If you're trying to prevent forum staff reading the data, don't give them permission; they can't access something in the system that they don't have access to. And remember that any encryption you put in, has to be able to be decrypted to be able to use the forum.

If you're trying to prevent the hosting company, you basically can't because they have physical access to the machine and whatever physical access they have means they can undo whatever protection you implement. The only way that wouldn't work is if you own your own server and put it in your own data center where only you have access.


(FYI: The company I work for does government-grade security if necessary.)
Title: Re: Encrypted Mysql data
Post by: hc777 on April 25, 2020, 05:52:49 AM
I meant the second.

I thouth there was some way to encrypt database with my own private key, but maybe I was wrong.

So, thanks for the answer!
Title: Re: Encrypted Mysql data
Post by: Arantor on April 25, 2020, 05:55:30 AM
There's the problem. You can absolutely encrypt-at-rest (something like LUKS) to encrypt the whole drive, but you're still going to have to connect it to something and decrypt it on the way back out, meaning that anyone with physical access to the server could just tap into it after the encryption layer or add something to the server to log in and be able to access it.

I'd also wonder what could possibly be so serious you'd need that level of protection. Unless you're doing government level work or something illegal.
Title: Re: Encrypted Mysql data
Post by: hc777 on April 25, 2020, 06:20:58 AM
Well, i don't really need that level of protection but I was wandering last days about this topic, so thanks again to free me of this question :)

Anyway, if I'd need it some day I think to get a Raspberry en home would be the best choice.

Title: Re: Encrypted Mysql data
Post by: Arantor on April 25, 2020, 06:41:20 AM
I honestly can't see what the problem would be, though. I have only ever seen two forums where that level of protection would be justified.

Running from home usually means making your home network less secure.
Title: Re: Encrypted Mysql data
Post by: hc777 on April 25, 2020, 09:49:40 AM
Yes, it just was a Theorical problem to me.