
Database Security when hosted on client

I have a database along with a REST API for clients to access the data. For performance and other reasons, I need to move the application along with the data to the client's physical server. Is there a way for me to encrypt the data in the database, so the only way the client can get access to it is through the API that I expose, and not by cracking MySQL and getting at the raw data? I do not want the client to see the data stored in my DB, as I feel they will steal it or share it. What can I do to accomplish that?

One idea: Is it possible to implement some form of one-way encryption, where it's based on the lookup value provided in the API?

E.g. an API lookup by email, which then gets one-way encrypted and compared in the DB for a match, and returns a record. This way, if they happen to look at my database, they cannot see a list of emails; all they see is data that is something similar to an /etc/passwd file.

No.

From the 10 Immutable Laws of Security:

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

What you want is fundamentally impossible, without caveats. Always and everywhere.
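The following Python is an added illustration, not part of the question or the answer above. It models the hashed-email lookup the question proposes and shows what the party hosting the database can still do with raw access: the records themselves are stored in the clear, and the hashed lookup column falls to a dictionary attack because email addresses are low-entropy and the hashing key has to ship inside the application running on their server. The sample users, the embedded key, and all function names are constructed for the example.

```python
import hashlib
import hmac
import itertools

# Constructed sample user data: what the API would serve on lookup.
SAMPLE_USERS = [
    ("alice@example.com", {"name": "Alice", "plan": "gold"}),
    ("bob@example.org", {"name": "Bob", "plan": "silver"}),
    ("carol@example.net", {"name": "Carol", "plan": "gold"}),
]

# Assumption: a keyed hash (HMAC) is used rather than a bare hash, so that
# stored tokens cannot be matched against generic precomputed tables. The key
# must still be present on the client's server, because the API needs it to
# answer every lookup, so whoever controls that machine can read it.
DEPLOYMENT_KEY = b"constructed-key-shipped-with-the-app"


def email_token(email: str, key: bytes = DEPLOYMENT_KEY) -> str:
    """One-way token the API computes for a lookup value (normalised email)."""
    normalised = email.strip().lower().encode()
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def build_table(users):
    """Store each record under the token of its email, as the question suggests.
    Only the key column is hashed; the record itself is stored as-is."""
    return {email_token(email): record for email, record in users}


def api_lookup(table, email):
    """The exposed API: hash the supplied email and return the matching record."""
    return table.get(email_token(email))


def plaintext_records(table):
    """With raw DB access the values need no cracking at all: every record is
    readable even though the lookup column is hashed."""
    return list(table.values())


def candidate_emails(local_parts, domains):
    """Build a guess list; in practice this would be a customer list, a breach
    corpus, or simply every address the client has ever dealt with."""
    return [f"{lp}@{d}" for lp, d in itertools.product(local_parts, domains)]


def recover_emails(table, key, candidates):
    """Dictionary attack on the hashed column: hash each guess with the key
    extracted from the deployed application and match against stored tokens."""
    found = {}
    for candidate in candidates:
        token = email_token(candidate, key)
        if token in table:
            found[candidate] = table[token]
    return found


if __name__ == "__main__":
    table = build_table(SAMPLE_USERS)
    print("legitimate lookup:", api_lookup(table, "Alice@Example.com"))
    print("records visible without any cracking:", plaintext_records(table))
    guesses = candidate_emails(
        ["alice", "bob", "carol", "dave"],
        ["example.com", "example.org", "example.net"],
    )
    print("emails recovered from hashed column:", recover_emails(table, DEPLOYMENT_KEY, guesses))
```

Run it as a script to see the three outcomes side by side. The normalisation in `email_token` is what makes the API lookup work for the client, and it is exactly what makes the attacker's guesses line up with the stored tokens; encrypting the record column as well only moves the problem to a decryption key that must likewise live on the same machine.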

Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you need to repost, please credit this site or the original source. For any questions contact: yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM