有什么方法可以保护你的数据文件免受根？ [英] Any way to protect your data files from root?

问题描述

有没有办法保护数据文件不被root用户访问？


我有一个以数据为中心的网站，并希望保护数据盗版

来自任何脚踏实地的托管公司员工。


有什么想法吗？


谢谢

Mike

Is there a way to protect data files from access by root ?

I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.

Any ideas?

Thanks
Mike

推荐答案

" siliconmike" < SI ********* @ yahoo.com>在消息中写道

news：11 ********************** @ g47g2000cwa.googlegr oups.com ...

"siliconmike" <si*********@yahoo.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...

有没有办法保护数据文件不被root用户访问？

我有一个以数据为中心的网站，并希望保护数据盗版
免受任何松散的托管公司的侵害员工。

任何想法？

Is there a way to protect data files from access by root ?

I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.

Any ideas?

如果用户root无法访问数据，没有人可以。至少在

" nix"系统。


如果您将数据存放在别人的计算机上，那么其他人*就会有*

您的数据。如果你找不到你信任的托管公司，我认为

你唯一的办法是不使用一个。你所描述的是一个你自己做的项目。你需要拥有服务器，你需要实际控制访问它。


IOW - root必须是*你*。

Thomas Bartkus

If the user "root" can''t access the data, then no one can. At least under
"nix" systems.

If you park your data on someone elses computer, that someone else *has*
your data. And if you can''t find a hosting company you can trust, I think
your only recourse is to not use one. What you are describing is a do it
yourself project. You need to own the server and you need to physically
control access to it.

IOW - root has to be *you*.
Thomas Bartkus

>有没有办法保护数据文件不被root用户访问？


加密。但是，这仅适用于*管理员控制的任何主机（或网络）上*未经*未加密的数据。如果此管理员存储加密的

备份（在活动站点上加密，然后发送到

），那么
可能是可接受的设置备份档案系统）。您可以保护

备份存档系统的管理员;你不能防止活跃的网站

管理员。


如果解密密码，管理员会更加难以理解

数据必须由网页用户输入。这意味着仅授权

用户，并且您无法像公共论坛网站那样以b
的方式运行。当然，管理员可以修改Apache来记录密码和传递给网页的
参数。


很久以前的小故事：我曾经操纵过一个版本of cron

读取加密的crontab，类似于popen（cat

crontab | decrypt key，r）。我向一位共同管理人员提出挑战，想要确定它正在做什么。几个星期后，他说按照我对你的秘密文件所做的事情，看看

。他没有做任何事，但是他让b $ b让我解密文件。他修改了系统解密

例程来记录密钥。然后他第二天递给我打印文件

。

>Is there a way to protect data files from access by root ?

Encryption. However, this only works if you *NEVER* have unencrypted
data on any host (or network) that this administrator controls. It
might be an acceptable setup if this admin is storing encrypted
backups (which are encrypted on the active site, then sent to the
backup archival system). You can protect from the admin of the
backup archival system; you can''t protect against the active site
admin.

It makes it harder for the admin if the password to decrypt the
data has to be entered by the web page user. This means "authorized
users only", and you can''t run things like a public forum site this
way. Of course, the admin could modify Apache to log passwords and
parameters passed to web pages.

Little story from long ago: I once rigged up a version of cron
that read an encrypted crontab, with something like popen("cat
crontab | decrypt key", "r"). I challenged a co-admin to figure
out what it was doing. After a couple of weeks, he said "Go look
at what I did to your secret file". He had done nothing, BUT he
got me to decrypt the file. He had modified the system decrypt
routine to log keys. Then he handed me a printout of the file the
next day.

我有一个以数据为中心的网站，并希望保护数据盗版
来自任何脚踏松散的托管公司员工。

任何想法？

I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.

Any ideas?

如果您正在谈论组合网站/数据库托管，

网站必须使用（未加密的）数据，这几乎不可能是b $ b。该网站必须具有解密数据的密钥，

并且该信息位于管理员可以获得的系统上。如果网站和数据库网站处于不同的管理控制之下（可能在不同的国家/地区），那么
可能会有所帮助。

仍然，网站必须有访问数据库所需的信息。


加密数据库的某些字段仍然是一个好主意，

（如信用卡号码），如果数据的一部分，比如一个没有所有网络内容的旧数据库备份，最终会在某人发现的某个垃圾箱中它。此外，如果你最终在法庭上，

加密信用卡号码表明你做了一些

的努力来保护他们免受数据库意外
可从网站上下载，谷歌为其编制索引。


Gordon L. Burditt

If you are talking about a combination web site/database hosting,
where the web site has to use the (unencrypted) data, it''s nearly
impossible. The web site has to have the keys to decrypt the data,
and that info is on the system where the admin can get at it. It
might help a little if the web site and the database site are under
different administrative control (and perhaps in different countries).
Still, the web site MUST have the info needed to access the database.

It is still a good idea to encrypt certain fields of your database,
(such as credit card numbers), in case parts of the data, like an
old database backup WITHOUT all the web content also, ends up in a
dumpster where someone finds it. Also, should you end up in court,
encrypting the credit card numbers demonstrates that you made SOME
effort to protect them against, say, the database being accidentally
made downloadable from the web site and Google indexes it.

Gordon L. Burditt

我的计划是使用密钥加密某些数据列，还使用该密钥加密我的脚本访问数据。


Atleast这将提供一定程度的保护。


这个

案件中加密数据最安全的算法/功能是什么？


Mike

What I plan is to encrypt certain data columns with a key and also
encrypt my scripts that access the data with that key.

Atleast this will provide a level of protection.

What is the most secure algo / function to encrypt the data in this
case ?

Mike

这篇关于有什么方法可以保护你的数据文件免受根？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！