SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Jun 2004
    Location
    Venus
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cool protecting mysql database from web host

    I want to protect my mysql database from my website host (I am on shared hosting). They should not be able to see the database.
    As far as PHP scripts are concerned I understand that using the Zend or another encoder will protect the source code from even the host.
    What can be done to encode/decode OR crypt the entire mysql database so that it is useless to the host.
    Please give your expert opinion.

    Will the following solution work:

    Using mcrypt to encrypt / decrypt all the data in the database. Using XML-RPC to store the key to the encryption on another website (different host). Also the database dump is emailed daily to keep a latest copy.

    Regards,
    Parag

  2. #2
    SitePoint Addict silent's Avatar
    Join Date
    Jun 2004
    Location
    Roaming North America
    Posts
    220
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you don't trust your host to not "look into" your database, then perhaps it's time for another host? Either that or running a co-lo or a dedicated box with root rights... That way you can set up your own MySQL server with your own users and reset the root MySQL user password...

  3. #3
    SitePoint Member
    Join Date
    Jun 2004
    Location
    Venus
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Will a VPS serve the purpose?

    Thanks for the reply. Will a VPS (Virtual Private Server) serve the purpose?
    Quote Originally Posted by silent
    If you don't trust your host to not "look into" your database, then perhaps it's time for another host? Either that or running a co-lo or a dedicated box with root rights... That way you can set up your own MySQL server with your own users and reset the root MySQL user password...

  4. #4
    SitePoint Addict silent's Avatar
    Join Date
    Jun 2004
    Location
    Roaming North America
    Posts
    220
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by paragsm
    Thanks for the reply. Will a VPS (Virtual Private Server) serve the purpose?
    Well, if your concern is about your host looking into you database, the VPS solution won't solve anything. That's really just another name for shared hosting, IMHO. The issue you need to solve is your trust of your ISP. You need to find a host you can trust. If it's not the ISP, but the other customers on your shared server that you don't trust (and I wouldn't either...), then you need to investigate how your host protects your data from the other customers.

    Truly the only "real" security I know of would be to have a co-located server (meaning: you have the box at your location and simply use their network for bandwidth. I [b]highly[/] discourage this option unless you REALLY know what your doing, because you will be in charge of replacing hardware, security updates, and server management. Plus, this is an expensive option.

    If you don't have that experience or those resources (and most of us don't ...), I would stick to researching a reliable and trustworthy host.

    HTH,

    jay

  5. #5
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If the host has the right to physically access the server for maintenance, they also have the ability (potentially) to read everything on it that is not encrypted. In fact, they have the ability to read the stuff that's encrypted too, it just won't be of any use to them unless they unencrypt it.

    You could encrypt everything that goes in and out of the database... but that could be a bit of a processor strain. Might not be so bad if you isolate the sensitive information and just encrypt that. It would be interesting to know if there is a MySQL extension or feature for this sort of thing.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •