Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
 
  HOME    TRACKER    MYSQL




Securing The AES Encryption Key Using Windows EFS?


I'm planning on using AES encryption methods which require an encryption key. I don't want to store this key as a string literal within my Java front-end web application because of the security risk associated with reverse engineering the Java .class files and obtaining the AES encryption key.

I was thinking of storing the AES encryption key in a file, and then reading this key from the Java application to use within the AES_ENCRYPT function. The file would be encrypted using Windows Encryption File System (EFS) since I'm deploying on a Windows server.

Benefits I see to this approach are that the AES encryption key is stored separate from the .java application, and the file containing the key is encrypted to everyone except the Windows account that encrypted the file.

The drawbacks are the application needs to have rights to accesss the file, the protection of the key now hinges on the Windows Account used to encrypt the file (if that is compromised then the key could be discovered); also, I need to further research where the private key used to encrypt the file is stored on Windows and how secure that is.




View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Securing My DB With Encryption
I have set up two tables in our DB, and we want to add a third, but this one is credit card info, and need to be secured. What's the best way to do it by encryption?
What Encryption Is This?
This is a varchar in my db, its my password and I want to change it
but I don't know what kind of encryption it is.

aatiAMXx.sDOA
Encryption
I heard you could encrypt things in MySQL,how do I do it?
SSL Encryption
is it true, that MySQL 4.x can do SSL encrypted connections only with
a server AND a client certificate? I've got a working SSL connection
if I use both, mysqld and mysql with certificate, key and
ca-certificate. How can I use SSL if the mysql client must not have
access to the private key? Any help or links to a good documentation
is welcome.
Encryption
Can anyone advise whether its possible to use the Encode/Decode functions on Windows (Win2K) platform in Mysql & PHP.
A book i'm using says they cannot be used in windows yet i've managed to get my application successfully Encoding a password at the time of using an, 'Insert INTO' qry - its stored ok as a BLOB (field was set-up as a BLOB). Problem is i cannot use the DECODE() to reverese things. When tried i get a 'cannot excecute query' type mssg.
Looked at MD5 and SHA1 but they are one-way funcs only.
I like the look of AES and DES ENCRYPT/DECRYPT but can't get them to work either.
Using AES_ENCRYPT For 256 Bit Encryption
I just started using AES_ENCRYPT to encrypt records in my databases. For the most part, the default 128 bit encryption is fine. But, I would like to use 256 bit for one of my forms. According to the MySQL documentation you can use the function for either 128 or 256 but I don't understand how to get it to do 256.

The documentation says:"Encoding with a 128-bit key length is used, but you can extend it up to 256 bits by modifying the source." - http://dev.mysql.com/doc/refman/4.1/...functions.html

What source do I have to modify to get it to use 256?
Encryption / Authentication
I need to find out if it's possible to do two things with mysql. The =
first is external authentication, preferably with kerberos5, but PAM =
will work as well. Second, encrypting the data stream. Specifically =
with jdbc connections.
Looking For Encryption Tool
I have a prospect that needs to collect sensitive personal data via the web
for mortgage applications. A certificate & SSL seems to protect the data
from the browser to the server, but I need some way to encrypt the data for
storage in mysql and (possibly) into a flat file for retrieval by the
prospect. I have not been able to find a simple solution for this
compatible with BSD and Apache.
Password Encryption
What I'd like to do is have an html login page using php to process the request, and then compare the input strings to a username & password stored in a SQL table.

My question is though, what is the best way to store the password in the mySQL table. Is it better to store it as an encrypted value, and can I do this?
Password Encryption
currently using mysql with c# coding.
I need to know how do i encrypt password so that it will not show the password
in plain text when i access the database.
AES Encryption/Decryption
I have a questiosn regarding AES Encryption/Decryption.

I understand the basics of how it works however i am stumped.

What i am currently trying to do it have a table that contains user information. Now when an authenticated user views this information they are showing all there details in plain text.

Thats fine but what i require is a master key so that if need be the system admin will be able to decrypt any data in the mysql db using there master key.

Is there anyway to do this? either by design or code.
Data Encryption
I am using MySQL on a Windows XP system. I was wondering if there is anyway that I could use OpenSSL (I currently have beta 6 on a dev machine) with MySQL on Windows XP?
Password Encryption
When adding a password entry to a database I believe you can encrypt its value using PASSWORD(str) but could someone please confirm what data type I should use for the column in which it is stored?
Encryption And Decryption
i need a solution to the following requirement
There is a column, for which data should be encrypted in the database, something
like password, where the actual data should not be displayed when i say
select * from tablename, instead, the encrypted text should be displayed, and
that text need to be decrypted again, can anyone please tell me how to do it
front end is java
Need To Modify Input For Encryption
I encrypted a database field using MySQL AES_ENCRYPT() from a command prompt.

I can easily decrypt it because the code specifies a Query but the INSERT is an ADODB insert (see below):

PHP

runQuery($db ->GetInsertSQL($rs, $_POST, true));

I need to AES_ENCRYPT one of the $POST fields before it goes into this but I don't see how? Mcrypt is not installed on server so MySQL functions are what I need to use.

Credit Card Encryption
I am just having my first experience with storing credit card details into a mysql database with php. I am on a ssl server of course and everything works fine but I am interested in any other security recomendations.

Currently CC details are stored directly into the database as they were typed, should I be encrypting the CC details with mcrypt_enrypt() before storing them and then dectypt them when displaying on the "view card details page"?
Login / Password Encryption
i am trying to create a very simple login system. all it does it input user data including a password and then when logging it it compares user name and password entered to find the user id (if exists) and then says you are logged in if a result was found. my problem is no results are ever found.

i have found that no matter what i do the password() function never returns the same value when im trying to select a user id with password=password('$inputedpassword') in the query to look up the user id.

so basically when i register the password is turned into a mess with password(), but wheni log in and use the same password() on it, it gives me something different.

BUT if i register under another user name and then use the same password, password() will give me the same mess (i checked this in the databse).

so i dont know why password() wont do the same thing when im using it in the query in login.php so that i can compare the passwords correctly. the only way i've been able to get this to login is to not encrypt anything. i have tried using md5 but that is giving me this same problem too. Code:
MySQL Logging And Encryption
If logging is turned on, is there a way to disable it for a given query?

IE. If I query --> select AES_ENCRYPT("This is very important data",
"lessthansecretkey");

Then my key and the value I'm trying to encrypt is visible in the log
files.
Encryption Of User / Pass In Odbc.ini / Alternatives
Does anyone know of a more secure way than storing the username and password
to the database connection within the odbc.ini ? We are using PHP on one
server connecting to a MySQL 4.0 database ?
QNX To Windows
I have a MySQL database configured on a Windows machine and I need to connect into that machine from a QNX machine. Does anyone know if there is available a MySQL connection driver for QNX? I haven't found anything in the web site.
Windows XP
I just installed MySQL on Windows XP.

I have the most basic questions:
1] How do I start and stop MySQL.
2] How do I connect.
3] How do I create a user, set password and privaledges.
4] How do I create a table, set column, set column attributes.

Basically, is their any tutorial for the absolute beginner in MySQL on Windows XP.
UDF On Windows
Does anyone have a windows version of MyXML? Or hints to compile it? Quote: About MyXML is an UDF extension to the MySQL database. It provides a set of utilities to make generating XML from the database a simple task. It provides routines to encode XML, create tags and return entire queries in XML.
Windows GUI
Does anyone know how to read SLAVE STATUS and other mysql monitor results within a Windows Program?  Is there a way to execute MySql commands within Visual Basic?
Windows Box
I am trying to connect from a windows box to a mysql database that is on
a unix box and it's coming back with an error. this is via a migration
wizard. I decided to install mysql client on the windows box and start
mysql and see if I will be able to connect to the database. I have
downloaded the code but I don't know how to go from there
Windows UDF
Just a warning - there is currently a worm doing the rounds attacking MySQL servers running on Windows. Linux / *BSD / OSX are not affected.
It doesn't exploit any MySQL security holes, but attempts to brute force the password. Once in it installs a bot (W00t bot), and connects to a number of IRC channels, advertises it's presence and recieves IP subnets to attack.
Solution:
1) Use a STRONG root password. 'root', 'mysql' or 'secret' doesn't cut it.
2) Limit root connects to certain IP addresses (ONLY 'localhost' is the best). Don't let root connect from '%'.
3) MySQL should RARELY be exposed to the network. Use a firewall and MySQL's skip-networking command.
Mysqlclient On Windows
I'm using the command line client for mysql quite a lot on windows, and it really annoys me that I can't use tabstop to complete table/column names, like I can on our *nix machines. Is there something obvious I'm missing (like a config setting somewhere) or is this just the curse of using Windows, which I must learn to live with?
My.cnf Is Not Available Under Windows 2000
according to the manual,

There are two option files with the same function:
`C:my.cnf', and the `my.ini' file in the Windows directory.

Is it sufficient with only one of the files ?

I have only my.ini

For which purpose is my.cnf , please?
Windows Vs Linux
We currently run our MySQL on linux. Could someone advise me on the watch outs on moving MySQL to windows and also if there is any performance loss as a result?
Install On Windows XP
I cant get mysql to run on my winXP computer. I have downloaded it and
installed , unzipped and run setup.exe and placed it in c:mysql.
I type the command to start the mysql server
c:mysqli mysqld --console

It opens the console and then the console shows some inoDB commands and the
console hangs.

I followed the mysql manual and i cant find the answer
there is no command prompt and nothing...how do I run mysql?
Getting Started With 4.1 On Windows Xp Sp2
Has anyone had a problem trying to start the service ?? for some reason it will not let me start up the service and gives me an error message of " server could not be started ". I am running this on my desktop which is a fairly high end machine with a gig of ram P4 3.4, 40 gigs of free space.
Windows Gui & Mysql5.0.2
know anybody a successfuel working gui
which working with mysql5.0.2.

I'm getting allways a crash with query-browser and others.
Versions Of AMP On Windows?
I am somewhat concerned that i have the right versions
of AMP on my Win XP system so it will all work together...
Is there some link that (in simple terms!) tells which versions are safe
together?

I currently have MySQL version 4.0.20d, with Apache 2.0.52 and php
4.3.10. Is this the best combination?
From Windows To Linux
I've got a production MySQL database running on a Linux server, but do my development on a Windows laptop.

I recently overhauled an existing app and needed to write data conversion routines in order for my existing data to map to some new data layouts.

I'm running the conversion on my laptop, so I don't mess up the existing production data.  I will be running some tests in parallel before going live with the new app.

When I run the conversion, Windows sets all the table names to all lower case.  So when I load the data to my Linux box, the table names are all wrong.

Is there anyway to force MySQL to maintain it's case on a Windows machine so that I don't have discrepancies from one OS to another?
Two Windows Problems
When I try to transfer data to the sampdb by using the < sign
i.e mysql> sampdb < insert_student.sql

I get an error.

Question one, what am i doing wong, source insert_student.sql works.

The windows dos window is only a few inches wide and I cannot
read the entire error message. How do I get te dos window open
all the way? The little square button in the upper right doesn't do
anything at all.
MySQL On Windows
I downloaded and installed MySQL for Windows this morning, V4.1. =
Unzipped, installed and started the server as a service, no problems. =
Installed the ODBC driver. A-OK

But, the DOC tells me I have to run "mysql_install_db.sh". So, the =
question is, how am I supposed to run shell scripts on Windows?
Mysql 4.0.20a For Windows
i installed just a few days ago the new my sql 4.0.20a server on a Windows Machine

and heart about that the feature "auto_increment = default value" will work now

now i created a new table added some fields and one field shoud be auto_increment and shoud have a default value (which means, mysql shoud then auto_increment up from the given value), but this doesn't work

i can only choose between default value or auto_increment but not both any ideas ?
MySQL 4 And Windows XP
I am having problems running mysql 4 on windows xp. Mysql 3 works fine.
However version 4 won't run. Even if I start the server with the admin panel
it shuts down again after a couple of seconds. This has only been a problem
since I wiped my hard drive and did a clean install of everything.
Setup Under Windows Xp Sp1
I need to upgrade my current mysql installation . But now there is a problem
to run the setup.exe of installshield 5.x under windows xp sp1 or sp2. The
program hung after few seconds. In the memory remain active woexec, ntvdm
and setup, but the process is freezed. It is possibile to convert the
current setup mode of mysql4.014 in other install system, as for in
mysqlcc092 ?
MySQL 5.0 On Windows 98 SE
I just downloaded MySQL 5.0 and installed it on a machine that I just did a fresh install of Windows 98 Second Edition on.

The install seemed to go smoothly, and when it was done I try to start mysqld from the command line and get this:

C:Program FilesMySQLMySQL Server 5.0in>mysqld --console
051125 21:04:07 [ERROR] Can't find messagefile 'C:Program FilesMySQLMySQL Ser
ver 5.0shareenglisherrmsg.sys'
051125 21:04:07 [ERROR] Aborting

Also, when I look in the above referenced directory, the file errmsg.sys is there: Code:
Windows Or Linux?
I am developing a website using php, MySQL and Apache on my home pc which uses WinXP. I am pretty sure that I will not be able to find a web host who will support Apache on Windows, so I guess I will have to go for one that uses Linux. If I do this, is there a serious difference between the way I need to write the PHP code, or is it just the same.
Mysql On IIS Windows
I very new to mysql. I would like to get some advise on which release i should install in my windows 2000 server using IIS.
Setting Up On Windows XP
1) I can run MySQL in a command prompt and create databases when I am logged into it at root happily. But then my application which hasnt got root access cannot see the database. How do I set up MySQL such that myApp can access a database created by root?
At present if I log in to MySQL using MySQL -u MyAPP
I cannot access the database that I created when I logged in as MYSQL -u root

MS Visual Studio 6 question.
2) I have copied all the .h files into my include directory, and the lib files to the library directory. I have fixed the slight bug in the header files that means the system cant define SOCKET (#define __LCC__)

If I just include the headers and compile it all works well. As soonas I try to use some of the C API commands I get linker errors which implies that the library is not loaded. I have added the library and I still get errors. What am I doing wrong here (or more likely, any suggestions for other things I can try?)
4.0.22standard For Windows
I am looking for version 4.0.22standard for windows.

The web server that I am developing on is 4.0.22standard and I would like to upgrade my local version which is currently 4.0.14 to the same version as the remote web server.

Or is there a way that I can upgrade my current version.
MYSQL In Windows XP Pro Sp2
i get a ERROR 0 when loading the program into my computer. and the servise could not be started, if i go into cmd and type "Net start MYSQL" it says sucsessfull

but when i go into Contrl panel > Administrtor tools > Servise's and click MYSQL it says "error 1067 could be be started"
Can I Use MySQL With A Mac And Windows
I need to share a MySQL database with a guy that uses a Mac, but I don't know anything about the Mac environment. I use WinXP. He has a server that has MySQL loaded on it. I want to create the database, then both of us want to be able to access it or make changes to it via the web.

What type of products do I need? I figure a good MySQL reference book is a necessity. Is there some type of front end application that he can run. I think I can run Access as a front end once it is set up properly. Am I making sense?
Windows Crash
I have one computer where I cannot startup the windows operating system.
In that computer I had installed the MySQL Server.

Putting the hard drive has a slave on a computer with MySQL Server installed, how can I access the databases?
Install My SQL In Windows XP?
Can we install MY SQL in Windows XP? I tried to install but it gave error "This enterprise server sersion is not supported by this OS. Only Client version will be installed".
Problem With Windows XP
I have just installed MySQL4.1 and the querry browser. I am using windows XP (home adition). I chose to run MySQL as a service so it is running automatically each time windows is on.

However, I have trouble to log in mysql and the querry browser. The strange thing is that the problem is on and off for no reason. Sometime everything is fine.
Windows XP Servicepack2
i installed mysql 4.1 under windowsxp sp2, installation works, i also can log in using root passwrd, but i can not add new users (neither in shell nor in admintool).
Copyright © 2005-08 www.BigResource.com, All rights reserved