Server setup file encryption

---

• From: kreno <kreno@xxxxxxxx>
• Date: Sun, 24 Dec 2006 15:19:54 +0100

---

Hello,
We are trying to find an elegant solution to the following problem:
Our webapplication needs to access highly sensitive data. Leaving the data unencrypted is unacceptable. Here is the setup: currently there are 2 boxes (we are not limited in hardware so if your solution involves more servers this would not be an issue), 1 MySQL database server and 1 Apache webserver (with sensitive data) both running Linux. Note that the sensitive data currently resides in files, but this could easily be migrated into a database structure. Now, the problem is to provide some security on the sensitive data in case the server (database or web) is compromised.
This could be an answer:

Encrypt all sensitive data on the webserver and store the key in the database. However, if the webserver is compromised then the MySQL authentication information is easily found and thus also access to the database and the keys to the encrypted files. But, our webapplication has improved its security because it can only show usefull data when calling the appropriate decrypt routines. Meaning in case of vulnerabilities which might give access to the files only scrambled data would appear. Even more, there would only be a trace in the memory of the decrypted file. There is no need to decrypt and store the file on the disk.
It seems the returning weak link in all our solutions appears to be the need of hard coded authentication information on our webserver in order to connect to our database, which opens the world.
Are there any techniques available to secure our application/code/server/data?

My apologies if this was sent to the wrong list.

Kind regards,
Thomas.

---

• Follow-Ups:
  • Re: Server setup file encryption
    • From: Saqib Ali

• Prev by Date: Re: Password Quality checker
• Next by Date: Restrict Access to Shared Folder with Encryption Key Rather than Password
• Previous by thread: Password Quality checker
• Next by thread: Re: Server setup file encryption
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: rolling Firefox back to 2.x ... from outside Firefox. ... If you want to be sure that all sensitive data ... shell code) to create a new database and copy the data you want to keep. ... private information on a computer you are sharing with other people. ... (Ubuntu) Re: rolling Firefox back to 2.x ... from outside Firefox. ... If you want to be sure that all sensitive data ... shell code) to create a new database and copy the data you want to keep. ... untraceable by forensic analysis of your hard drive? ... (Ubuntu) Re: hide SOME query results for unauthorized users ... database to make it impossible to open without the password. ... confused about is how to set-up a "login" procedure. ... (but typically only the users who are generating the sensitive data) ... queries how do I allow some but not all users to see the flagged records. ... (microsoft.public.access.queries) Re: Add a default form for start-up ... "Andy" wrote: ... > Make the sensitive data not readable by anyone except the db Administrator. ... >> The main database has very sensitive material in it. ... Each manager is only ... (microsoft.public.access.modulesdaovba)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2006-12