encrypt storage

[Bob Sneidar]

I didn’t take it as overreactive. But I have always felt that security measures should be tempered with the value (or if you like vulnerability) of what is being secured. You wouldn’t want to institute Fort Knox for example to protect your piggy bank. Neither would you necessarily need bit level encryption to protect the web sites you visit (unless you are Richmond and then you probably would).

I think that mySQL, if properly configured, is just as secure as any other modern server technology. If you encrypt data in transit, and as an added measure encrypt data in storage, it’s not a big deal. If I ever store data that is in any way confidential, I will employ these measures.

I imagine a very resourceful person could decompile my app and somehow discern the seed value for a particular record, but I am not sure that would automatically give him access to the database, it also being password protected, and the code is password protected so it would be difficult to say the least. Also the seed is variable. Have fun with the one record.

Right now the payoff would be that the hacker gains access to some names and addresses, and the copiers they have onsite. Hell, email me and I will zip up a copy of it and send it to them to save them some trouble.

Bob S


On Feb 6, 2015, at 12:43 , Richard Gaskin <ambassador at fourthworld.com<mailto:ambassador at fourthworld.com>> wrote:

Was my post over-reactive, or under?