Re: Master - master replication

Re: Master - master replication

on 24.05.2010 12:49:51 by Walter Heck

Hi Carl,

On Mon, May 24, 2010 at 13:42, Carl wrote:
> 1.  Is the data visible during transmission?
Not sure what you mean there?

> 2.  Is there a way to encrypt the data during transmission?
MySQL supports SSL encryption of replication. Here's a good starting
point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

cheers,

Walter Heck
Engineer @ Open Query (http://openquery.com)

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org

RE: Master - master replication

on 24.05.2010 13:24:48 by Martin Gainty


Hello Carl

MySQL advertises an encryption package using the ENCRYPT('hello') but to date I haven't found any information on where to download and configure the encryption package.
Did you look at http://www.critotech.com?

Martin Gainty
> From: carl@etrak-plus.com
> To: mysql@lists.mysql.com
> Subject: Master - master replication
> Date: Mon, 24 May 2010 06:42:06 -0500
>
> I am setting up master - master replication between two sites that are in separate facilities that are hundreds of miles apart.
>
> The operating systems are Slackware 13, the MySql version is 5.1.41 (will probably upgrade to latest.)
>
> I have two questions:
>
> 1. Is the data visible during transmission?
>
> 2. Is there a way to encrypt the data during transmission?
>
> Thanks,
>
> Carl

Master - master replication

on 24.05.2010 13:42:06 by carl


I am setting up master - master replication between two sites that are in separate facilities that are hundreds of miles apart.

The operating systems are Slackware 13, the MySql version is 5.1.41 (will probably upgrade to latest.)

I have two questions:

1. Is the data visible during transmission?

2. Is there a way to encrypt the data during transmission?

Thanks,

Carl



Re: Master - master replication

on 24.05.2010 13:47:01 by John Daisley


also consider that it is much more likely that remote slaves will start
falling behind particularly if you throw encryption into the equation.

Regards

John

On 24 May 2010 13:24, Carl wrote:

> Walter,
>
> Don't know how I missed that but it is exactly what I needed.
>
> Thanks,
>
> Carl


--
John Daisley

Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer

Telephone: +44 (0)7918 621621
Email: john.daisley@butterflysystems.co.uk


RE: Master - master replication

on 24.05.2010 13:50:59 by Martin Gainty


yes.. SSL can implement a number of encryption algorithms

but when a webserver configuration is configured with HTTP (instead of HTTPS)

http://www.pgp.com/

export mysql rows to PGP encrypter ..transmit via some secure mechanism sftp/scp (or ftp/cp without secure handshakes)

the PGP decrypter at the other end will decrypt the received rows and construct import/update statements to MYSQL

Martin Gainty
> From: carl@etrak-plus.com
> To: walter@openquery.com
> CC: mysql@lists.mysql.com
> Subject: Re: Master - master replication
> Date: Mon, 24 May 2010 07:24:35 -0500
>
> Walter,
>
> Don't know how I missed that but it is exactly what I needed.
>
> Thanks,
>
> Carl

Re: Master - master replication

on 24.05.2010 14:20:55 by John Daisley


You need to check pci compliance rules before you go replicating and
transmitting credit card data.

On 24 May 2010 14:15, Carl wrote:

> Interesting. How is the best way to protect the information while using
> master - master replication on remote sites? (The data contains the
> information of children, credit cards and bank accounts.)
>
> Thanks,
>
> Carl


--
John Daisley

Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer

Telephone: +44 (0)7918 621621
Email: john.daisley@butterflysystems.co.uk


Re: Master - master replication

on 24.05.2010 14:23:42 by prabhat kumar


I think setting up a few more configuration variables in replication will
secure the data in plain text transmission.

#--master-ssl
#--master-ssl-ca
#--master-ssl-capath
#--master-ssl-cert
#--master-ssl-cipher
#--master-ssl-key
http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html

http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html

Thanks,


On Mon, May 24, 2010 at 6:45 PM, Carl wrote:

> Interesting. How is the best way to protect the information while using
> master - master replication on remote sites? (The data contains the
> information of children, credit cards and bank accounts.)
>
> Thanks,
>
> Carl



--
Best Regards,

Prabhat Kumar
MySQL DBA
Datavail-India Mumbai
Mobile : 91-9987681929
www.datavail.com

My Blog: http://adminlinux.blogspot.com
My LinkedIn: http://www.linkedin.com/in/profileprabhat
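
The `--master-ssl*` options listed in the message above map onto the statements below. This is an added example, not part of the original post: the account name `repl`, the host name, the password placeholder and the certificate paths are assumptions, and each server is assumed to already have `ssl-ca`, `ssl-cert` and `ssl-key` set under `[mysqld]` in my.cnf. In a master - master pair, run both halves on both servers.

```sql
-- ---------------------------------------------------------------
-- On each server in its role as master
-- ---------------------------------------------------------------

-- YES means SSL is compiled in and the certificates loaded.
-- DISABLED means SSL is compiled in but no ssl-* options are set.
SHOW VARIABLES LIKE 'have_ssl';

-- Audit: replication accounts that may still connect unencrypted.
-- An empty ssl_type means the account has no REQUIRE clause.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE Repl_slave_priv = 'Y';

-- Weak: the slave may connect with or without SSL, so a slave that
-- has lost its SSL settings silently replicates in clear text.
-- GRANT REPLICATION SLAVE ON *.* TO 'repl'@'siteb.example.com'
--   IDENTIFIED BY '<password>';

-- Corrected: the server refuses this account over a plain connection.
-- (hypothetical account, host and password placeholder)
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'siteb.example.com'
  IDENTIFIED BY '<password>' REQUIRE SSL;

-- ---------------------------------------------------------------
-- On each server in its role as slave
-- ---------------------------------------------------------------

STOP SLAVE;

-- Only the SSL options are changed here. Naming MASTER_HOST or
-- MASTER_PORT in the same statement would make the slave treat the
-- master as a new server and discard its binary log coordinates.
CHANGE MASTER TO
  MASTER_SSL      = 1,
  MASTER_SSL_CA   = '/etc/mysql/ssl/ca-cert.pem',      -- assumed path
  MASTER_SSL_CERT = '/etc/mysql/ssl/client-cert.pem',  -- assumed path
  MASTER_SSL_KEY  = '/etc/mysql/ssl/client-key.pem',   -- assumed path
  -- Available from MySQL 5.1.18: check the master certificate's
  -- Common Name against the host name the slave connects to.
  MASTER_SSL_VERIFY_SERVER_CERT = 1;

START SLAVE;

-- Expect Master_SSL_Allowed: Yes, the three Master_SSL_* file fields
-- filled in, and Slave_IO_Running: Yes. With REQUIRE SSL on the
-- account, a running I/O thread implies the link is encrypted.
SHOW SLAVE STATUS;
```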


Re: Master - master replication

on 24.05.2010 14:24:35 by carl

Walter,

Don't know how I missed that but it is exactly what I needed.

Thanks,

Carl
----- Original Message -----
From: "Walter Heck"
To: "Carl"
Cc:
Sent: Monday, May 24, 2010 5:49 AM
Subject: Re: Master - master replication


Hi Carl,

On Mon, May 24, 2010 at 13:42, Carl wrote:
> 1. Is the data visible during transmission?
Not sure what you mean there?

> 2. Is there a way to encrypt the data during transmission?
MySQL supports SSL encryption of replication. Here's a good starting
point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

cheers,

Walter Heck
Engineer @ Open Query (http://openquery.com)



Re: Master - master replication

on 24.05.2010 14:39:04 by John Daisley


ssl is not enough for pci dss compliance. If you store credit card
information and are not pci compliant you can be heavily fined and have your
ability to process/accept credit card payments permanently removed.

The storage and transmission of credit card details demands end-to-end
encryption and tokenization. MySQL replication with ssl is not going to meet
the requirements. Probably be easier to write the data to both servers
directly rather than writing to one and then trying to secure replication to
a level demanded by the pci regs.

regards
John



On 24 May 2010 13:23, Prabhat Kumar wrote:

> I think setting up a few more configuration variables in replication will
> secure the data in plain text transmission.
>
> #--master-ssl
> #--master-ssl-ca
> #--master-ssl-capath
> #--master-ssl-cert
> #--master-ssl-cipher
> #--master-ssl-key
> http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
>
> http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
>
> Thanks,



--
John Daisley

Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer

Telephone: +44 (0)7918 621621
Email: john.daisley@butterflysystems.co.uk


Re: Master - master replication

on 24.05.2010 14:40:29 by Walter Heck

Carl,

if you want to be secure, do not use the internet to transfer your
data. SSH, VPN and SSL can not give you the kind of security a private
line can give you. That is a tad expensive though :)

Walter

On Mon, May 24, 2010 at 15:33, Carl wrote:
> John,
>
> I am familiar with the PCI regs and am trying to accommodate them. Our process requires that the card information is available on both servers so it is more a question of how than if.
>
> Thanks,
>
> Carl

Re: Master - master replication

on 24.05.2010 14:47:55 by Mark Goodge

On 24/05/2010 13:40, Walter Heck wrote:
> Carl,
>
> if you want to be secure, do not use the internet to transfer your
> data. SSH, VPN and SSL can not give you the kind of security a private
> line can give you. That is a tad expensive though :)

That's true, but again that's not really answering the question which
was asked. Plenty of sites use PCI-compliant transmission of data across
the Internet, there's no reason why that should be an issue provided
it's done correctly. The question here is whether MySQL natively
supports the tools necessary to do it correctly, and if so how to
implement them.

Mark


Re: Master - master replication

on 24.05.2010 15:09:14 by Patrick Sherrill

I believe the issue is more storage related than anything else.
Multiple servers exponentially increased risk of compromise.

Carl wrote:
> This is both interesting and puzzling.
>
> The only way credit card information can be acquired is through SSL communication with the user (user enters credit card information which is used to authorize the transactions, whatever.) Yet, that same process is not sufficient to comply with PCI DSS requirements to move the card information from one server to another. Seems illogical since both transmissions are exposed in the same way.
>
> Thanks,
>
> Carl

--
Patrick Sherrill
patrick@michael-clarke.com

Michael-Clarke Company, Inc.
Since 1982
825 SE 47th Terrace
Cape Coral, FL 33904

(239) 945-0821 Office
(239) 770-6661 Cell


Re: Master - master replication

on 24.05.2010 15:15:30 by carl


Interesting. How is the best way to protect the information while using master - master replication on remote sites? (The data contains the information of children, credit cards and bank accounts.)

Thanks,

Carl
----- Original Message -----
From: John Daisley
To: Carl
Cc: Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 6:47 AM
Subject: Re: Master - master replication


also consider that it is much more likely that remote slaves will start falling behind particularly if you throw encryption into the equation.

Regards

John



Re: Master - master replication

on 24.05.2010 15:33:18 by carl


John,

I am familiar with the PCI regs and am trying to accommodate them. Our process requires that the card information is available on both servers so it is more a question of how than if.

Thanks,

Carl
----- Original Message -----
From: John Daisley
To: Carl
Cc: Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 7:20 AM
Subject: Re: Master - master replication


You need to check pci compliance rules before you go replicating and transmitting credit card data.



RE: Master - master replication

on 24.05.2010 15:51:17 by Martin Gainty


mg>zoom down to Walter's question(s)

> Hi Carl,
>
> On Mon, May 24, 2010 at 13:42, Carl wrote:
>
> 1. Is the data visible during transmission?
>
> Not sure what you mean there?

mg>he means if someone was sharking the line would they be able to see Financial Information / Health Information that are protected by federal law? (at least in the US....YMMV)

>
> 2. Is there a way to encrypt the data during transmission?
>
> MySQL supports SSL encryption of replication. Here's a good starting
> point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

mg>if you can convince the powers that be to update your webserver and all backend server to support SSL then ALL transmissions would need to be encrypted using the SSL encryption

mg>..otherwise go with PGP..

>
> cheers,
>
> Walter Heck
> Engineer @ Open Query (http://openquery.com)
>=20
>=20
> --=20
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: http://lists.mysql.com/mysql?unsub=3Djohn.daisley@butterf=
lysystems.co.uk
>=20
>=20
>=20
>=20
>=20
> --=20
> John Daisley
>=20
> Certified MySQL 5 Database Administrator
> Certified MySQL 5 Developer
> Cognos BI Developer
>=20
> Telephone: +44 (0)7918 621621
> Email: john.daisley@butterflysystems.co.uk


Re: Master - master replication

am 24.05.2010 15:57:16 von carl


This is both interesting and puzzling.

The only way credit card information can be acquired is through SSL
communication with the user (user enters credit card information which
is used to authorize the transactions, whatever.) Yet, that same
process is not sufficient to comply with PCI DSS requirements to move
the card information from one server to another. Seems illogical since
both transmissions are exposed in the same way.

Thanks,

Carl
----- Original Message -----
From: John Daisley
To: Prabhat Kumar
Cc: Carl ; Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 7:39 AM
Subject: Re: Master - master replication


ssl is not enough for pci dss compliance. If you store credit card
information and are not pci compliant you can be heavily fined and have
your ability to process/accept credit card payments permanently removed.

The storage and transmission of credit card details demands end-to-end
encryption and tokenization. MySQL replication with ssl is not going to
meet the requirements. Probably be easier to write the data to both
servers directly rather than writing to one and then trying to secure
replication to a level demanded by the pci regs.

regards
John




On 24 May 2010 13:23, Prabhat Kumar wrote:

I think setting up a few more configuration variables in replication
will secure the data in plain text transmission.

#--master-ssl
#--master-ssl-ca
#--master-ssl-capath
#--master-ssl-cert
#--master-ssl-cipher
#--master-ssl-key
http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html

http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html

Thanks,




On Mon, May 24, 2010 at 6:45 PM, Carl wrote:

Interesting. How is the best way to protect the information while
using master - master replication on remote sites? (The data contains
the information of children, credit cards and bank accounts.)

Thanks,

Carl

----- Original Message -----
From: John Daisley
To: Carl
Cc: Walter Heck ; mysql@lists.mysql.com
Sent: Monday, May 24, 2010 6:47 AM
Subject: Re: Master - master replication


also consider that it is much more likely that remote slaves will
start falling behind particularly if you throw encryption into the
equation.

Regards

John


On 24 May 2010 13:24, Carl wrote:

Walter,

Don't know how I missed that but it is exactly what I needed.

Thanks,

Carl
----- Original Message -----
From: "Walter Heck"

To: "Carl"
Cc:
Sent: Monday, May 24, 2010 5:49 AM
Subject: Re: Master - master replication



Hi Carl,

On Mon, May 24, 2010 at 13:42, Carl wrote:

1. Is the data visible during transmission?

Not sure what you mean there?


2. Is there a way to encrypt the data during transmission?

MySQL supports SSL encryption of replication. Here's a good starting
point: http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html

cheers,

Walter Heck
Engineer @ Open Query (http://openquery.com)


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=john.daisley@butterflysystems.co.uk





--
John Daisley

Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer

Telephone: +44 (0)7918 621621
Email: john.daisley@butterflysystems.co.uk





--
Best Regards,

Prabhat Kumar
MySQL DBA
Datavail-India Mumbai
Mobile : 91-9987681929
www.datavail.com

My Blog: http://adminlinux.blogspot.com
My LinkedIn: http://www.linkedin.com/in/profileprabhat




--
John Daisley

Certified MySQL 5 Database Administrator
Certified MySQL 5 Developer
Cognos BI Developer

Telephone: +44 (0)7918 621621
Email: john.daisley@butterflysystems.co.uk


Re: Master - master replication

am 24.05.2010 16:18:09 von carl

Mark and Patrick,

The data is encrypted on the servers (wouldn't want it any other way.) So,
I believe we would be transmitting encrypted data over a secure line (SSL,
SSH, VPN, whatever.) Doesn't sound to me that there is much of a chance a
bad person could ever see anything. Can anyone see how the data could be
acquired by a bad person? (I understand both servers have to be secured.)

Thanks,

Carl

----- Original Message -----
From: "Patrick Sherrill"
To: "Carl"
Cc:
Sent: Monday, May 24, 2010 8:09 AM
Subject: Re: Master - master replication


> I believe the issue is more storage related than anything else.
> Multiple servers exponentially increased risk of compromise.
>
> Carl wrote:
>> This is both interesting and puzzling.
>>
>> The only way credit card information can be acquired is through SSL
>> communication with the user (user enters credit card information which is
>> used to authorize the transactions, whatever.) Yet, that same process is
>> not sufficient to comply with PCI DSS requirements to move the card
>> information from one server to another. Seems illogical since both
>> transmissions are exposed in the same way.
>>
>> Thanks,
>>
>> Carl
>> ----- Original Message -----
>> From: John Daisley
>> To: Prabhat Kumar
>> Cc: Carl ; Walter Heck ; mysql@lists.mysql.com
>> Sent: Monday, May 24, 2010 7:39 AM
>> Subject: Re: Master - master replication
>>
>>
>> ssl is not enough for pci dss compliance. If you store credit card
>> information and are not pci compliant you can be heavily fined and have
>> your ability to process/accept credit card payments permanently removed.
>>
>> The storage and transmission of credit card details demands end-to-end
>> encryption and tokenization. MySQL replication with ssl is not going to
>> meet the requirements. Probably be easier to write the data to both
>> servers directly rather than writing to one and then trying to secure
>> replication to a level demanded by the pci regs.
>>
>> regards
>> John
>>
>>
>>
>>
>> On 24 May 2010 13:23, Prabhat Kumar wrote:
>>
>> I think setting up a few more configuration variables in replication
>> will secure the data in plain text transmission.
>>
>> #--master-ssl
>> #--master-ssl-ca
>> #--master-ssl-capath
>> #--master-ssl-cert
>> #--master-ssl-cipher
>> #--master-ssl-key
>> http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html
>>
>> http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html
>>
>> Thanks,
>>
>>
>>
>>
>> On Mon, May 24, 2010 at 6:45 PM, Carl wrote:
>>
>> Interesting. How is the best way to protect the information while
>> using master - master replication on remote sites? (The data contains
>> the information of children, credit cards and bank accounts.)
>>
>> Thanks,
>>
>> Carl
>>
>> ----- Original Message -----
>> From: John Daisley
>> To: Carl
>> Cc: Walter Heck ; mysql@lists.mysql.com
>> Sent: Monday, May 24, 2010 6:47 AM
>> Subject: Re: Master - master replication
>>
>>
>> also consider that it is much more likely that remote slaves will
>> start falling behind particularly if you throw encryption into the
>> equation.
>>
>> Regards
>>
>> John
>>
>>
>> On 24 May 2010 13:24, Carl wrote:
>>
>> Walter,
>>
>> Don't know how I missed that but it is exactly what I needed.
>>
>> Thanks,
>>
>> Carl
>> ----- Original Message ----- From: "Walter Heck"
>>
>> To: "Carl"
>> Cc:
>> Sent: Monday, May 24, 2010 5:49 AM
>> Subject: Re: Master - master replication
>>
>>
>>
>> Hi Carl,
>>
>> On Mon, May 24, 2010 at 13:42, Carl wrote:
>>
>> 1. Is the data visible during transmission?
>>
>> Not sure what you mean there?
>>
>>
>> 2. Is there a way to encrypt the data during transmission?
>>
>> MySQL supports SSL encryption of replication. Here's a good
>> starting
>> point:
>> http://dev.mysql.com/doc/refman/5.1/en/replication-solutions-ssl.html
>>
>> cheers,
>>
>> Walter Heck
>> Engineer @ Open Query (http://openquery.com)
>>
>>
>> --
>> MySQL General Mailing List
>> For list archives: http://lists.mysql.com/mysql
>> To unsubscribe:
>> http://lists.mysql.com/mysql?unsub=john.daisley@butterflysystems.co.uk
>>
>>
>>
>>
>>
>> --
>> John Daisley
>>
>> Certified MySQL 5 Database Administrator
>> Certified MySQL 5 Developer
>> Cognos BI Developer
>>
>> Telephone: +44 (0)7918 621621
>> Email: john.daisley@butterflysystems.co.uk
>>
>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> Prabhat Kumar
>> MySQL DBA
>> Datavail-India Mumbai
>> Mobile : 91-9987681929
>> www.datavail.com
>>
>> My Blog: http://adminlinux.blogspot.com
>> My LinkedIn: http://www.linkedin.com/in/profileprabhat
>>
>>
>>
>>
>> --
>> John Daisley
>>
>> Certified MySQL 5 Database Administrator
>> Certified MySQL 5 Developer
>> Cognos BI Developer
>>
>> Telephone: +44 (0)7918 621621
>> Email: john.daisley@butterflysystems.co.uk
>>
>
> --
> Patrick Sherrill
> patrick@michael-clarke.com
>
> Michael-Clarke Company, Inc.
> Since 1982
> 825 SE 47th Terrace
> Cape Coral, FL 33904
>
> (239) 945-0821 Office
> (239) 770-6661 Cell
>
> Confidentiality Notice. This email message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all
> copies of the original message.
>


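An added example, not part of any message in this thread: a check over `SHOW SLAVE STATUS\G` output that confirms the `--master-ssl*` settings listed above actually took effect on a slave. The sample output, host name and file paths are constructed for illustration.

```python
import re

# Constructed sample of `SHOW SLAVE STATUS\G` output (not taken from the thread).
SAMPLE_STATUS = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: db1.example.com
             Slave_IO_Running: Yes
           Master_SSL_Allowed: Ignored
           Master_SSL_CA_File: /etc/mysql/ssl/ca-cert.pem
              Master_SSL_Cert: /etc/mysql/ssl/client-cert.pem
               Master_SSL_Key: /etc/mysql/ssl/client-key.pem
Master_SSL_Verify_Server_Cert: No
"""

def parse_status(text):
    """Turn the vertical (\\G) output into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s?(.*)$", line)  # the row separator does not match
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_replication_ssl(text):
    """Return a list of findings; an empty list means the SSL settings look sane."""
    s = parse_status(text)
    findings = []
    allowed = s.get("Master_SSL_Allowed", "")
    if allowed == "No":
        findings.append("SSL is not enabled for the connection to the master")
    elif allowed == "Ignored":
        findings.append("SSL was requested but this slave has no SSL support enabled")
    elif allowed != "Yes":
        findings.append("Master_SSL_Allowed missing or unrecognised: %r" % allowed)
    if not (s.get("Master_SSL_CA_File") or s.get("Master_SSL_CA_Path")):
        findings.append("no CA file or path set, so the master certificate cannot be validated")
    # The field is absent on servers that predate the option; treat absent as "No".
    if s.get("Master_SSL_Verify_Server_Cert", "No") != "Yes":
        findings.append("master certificate host name is not verified")
    return findings

if __name__ == "__main__":
    for finding in audit_replication_ssl(SAMPLE_STATUS):
        print("FINDING:", finding)
```

`Master_SSL_Allowed: Ignored` is the case worth alerting on: the options are set, yet replication traffic is not protected by them.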