我的加密AWS数据库真的被加密了吗? [英] Is my encrypted AWS database really encrypted?

问题描述

我正在尝试AWS，创建了一个MySQL加密数据库.我已经将数据库迁移到那里以使用应用程序对其进行测试，并且注意到数据是完全可读的，尽管AWS中的配置表示数据库已加密.我只是想知道那是否应该这样做.对此感到怀疑.我使用MySQL标准客户端进行连接，因此我不希望它可读.任何有关此的线索都很好.

I am experimenting with AWS, creating a MySQL encrypted database. I have migrated a database there to test it with an application and noticed the data is completely readable although the configuration in AWS says the database is encrypted. I am just wondering if that is the way it should be. Doubt it. I connected using a MySQL standard client so I didn't expect it to be readable. Any clues on this would be great.

推荐答案

加密的数据库仅表示永久存储上的文件已加密.他们将必须解密才能查询.然后，解密后的信息将保留在内存中，以避免查询时间过长.由于您使用的是RDS，因此您无权访问静态的实际文件，据我所知，这只能防止有人拥有访问磁盘但没有没有访问内存.

An encrypted database simply means that the files on permanent storage are encrypted. They will have to be decrypted to be queried. The decrypted information then stays in memory to avoid enormous query times. Since you are using RDS you don't have access to the actual files at rest, so as far as I can tell this simply protects against someone with access to the disks but without access to the memory.

适用旧的安全格言:如果您的对手可以物理访问，则所有选择都将关闭.因此，如果要保护数据库内容，必须将其放在只有您有权访问的计算机上.

The old security adage applies: If your adversary has physical access all bets are off. It follows that if you want to secure your database contents you have to put it on a machine that only you have access to.

这篇关于我的加密AWS数据库真的被加密了吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！