
Question

Posted

Hi to all Blesta fans,

This is my first post.

I am here because I have read a lot about the Blesta security features and am interested in purchasing one soon.

Obviously I have many questions. But my main questions are 1) if V4 will support MariaDB 10.1.18 and 2) if V4 will have any feature to support MariaDB's data-at-rest encryption OR AWS Key Management Service. Thank you.

 

10 answers to this question


  • 0
Posted
  On 10/13/2016 at 6:40 PM, siteAdmin said:

Obviously I have many questions. But my main questions are 1) if V4 will support MariaDB 10.1.18 and 2) if V4 will have any feature to support MariaDB's data-at-rest encryption OR AWS Key Management Service. Thank you.


I have no experience with MariaDB's data-at-rest encryption or AWS key management service (I assume that's related to db encryption?). Are there any special requirements? According to https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/, it seems like the application would be responsible for setting encryption on the tables. If so, then it would be unsupported.

  • 0
Posted

@Paul

Thanks for the reply.

Yes, it is related to the db encryption and there is one good advantage (over AES encryption/decryption) on that feature. Don't want to go into too many technical details here as it is a server security related issue.

BTW, does Blesta have a feature to encrypt all the fields or just a few selected fields by default? However, I have noticed that custom fields do have the option to encrypt. And one more question: can these custom fields (whether encrypted or not) be included in webhooks?

 

  • 0
Posted

Re MariaDB data-at-rest encryption or AWS Key Management Service, one can select the tables/spaces either to be encrypted or not. So, if that can happen on Blesta, then there won't be any chance for any hacker to change db content. It is possible that someone can delete the data but not read it. The AWS KMS can rotate the keys, and they are kept away from the app, so it is impossible to crack.
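
The per-table selection described in the post above, shown as an added example that is not part of the original thread and is not Blesta's own code. It assumes MariaDB 10.1 with a key-management plugin (`file_key_management` or `aws_key_management`) already loaded and a key with id 1 available; the table and column names are hypothetical and are not Blesta's schema.

```sql
-- Added example. Table names below are hypothetical placeholders.

-- 1. Confirm a key-management plugin is ACTIVE before relying on
--    table encryption; without one, ENCRYPTED=YES cannot be honoured.
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM information_schema.PLUGINS
WHERE PLUGIN_NAME IN ('file_key_management', 'aws_key_management');

-- 2. Inspect the server-wide defaults. These are normally set in
--    my.cnf by the DBA, not by the application.
SHOW GLOBAL VARIABLES LIKE 'innodb_encrypt_tables';
SHOW GLOBAL VARIABLES LIKE 'innodb_encrypt_log';

-- 3. Opt a new table in explicitly, pinned to key id 1 (assumed to
--    exist in the key store).
CREATE TABLE example_client_notes (
  id        INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  client_id INT UNSIGNED NOT NULL,
  note      TEXT NOT NULL,
  KEY idx_client (client_id)
) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1;

-- 4. Opt an existing table in, and leave a non-sensitive one out.
--    Both statements rebuild the tablespace.
ALTER TABLE example_existing_table ENCRYPTED=YES ENCRYPTION_KEY_ID=1;
ALTER TABLE example_public_lookup  ENCRYPTED=NO;

-- 5. Verify what is actually encrypted on disk. ENCRYPTION_SCHEME = 1
--    means encrypted, 0 means not encrypted.
SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID, CURRENT_KEY_VERSION
FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
ORDER BY NAME;

-- 6. Pages are decrypted by the storage engine as they are read, so
--    ordinary queries and indexes behave as on an unencrypted table.
SELECT id, note
FROM example_client_notes
WHERE client_id = 42 AND note LIKE '%renewal%';
```

Because decryption happens inside the server, this protects data files, backups of the raw tablespace and the redo log on disk; any client that authenticates to the database still reads and writes plaintext rows.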

  • 0
Posted
  On 10/13/2016 at 8:07 PM, siteAdmin said:

@Paul

Thanks for the reply.

Yes, it is related to the db encryption and there is one good advantage (over AES encryption/decryption) on that feature. Don't want to go into too many technical details here as it is a server security related issue.

BTW, does Blesta have a feature to encrypt all the fields or just a few selected fields by default? However, I have noticed that custom fields do have the option to encrypt. And one more question: can these custom fields (whether encrypted or not) be included in webhooks?

 


Blesta encrypts data with a one-way bcrypt hash, and the modules set the encryption of services etc., and for custom fields and the universal module you can set the fields to be encrypted.

  • 0
Posted

Well, I have not yet seen the database fields of a Blesta db. Once v4 is released I shall get one and see how best it can be customized to implement MariaDB's data-at-rest encryption method. Having the key stored in the config file is not going to do much in today's hackers' world. :)

  • 0
Posted

Certain fields are encrypted automatically, but modules and plugins can define which fields to encrypt. Because search operations cannot be performed on encrypted data, we usually don't recommend encrypting all fields, but that's a decision the developer should make.

This page should give you a basic understanding of what is encrypted in Blesta and how it's performed: https://docs.blesta.com/display/user/Encryption

  • 0
Posted
  On 10/13/2016 at 8:46 PM, Paul said:

Certain fields are encrypted automatically, but modules and plugins can define which fields to encrypt. Because search operations cannot be performed on encrypted data, we usually don't recommend encrypting all fields, but that's a decision the developer should make.

This page should give you a basic understanding of what is encrypted in Blesta and how it's performed: https://docs.blesta.com/display/user/Encryption


Thanks for that.
