
Question

Posted

Hi to all Blesta fans,

This is my first post.

I am here because I have read a lot about the Blesta security features and am interested in purchasing one soon.

Obviously I have many questions. But my main questions are 1) if V4 will support MariaDB 10.1.18 and 2) if V4 will have any feature to support MariaDB's data-at-rest encryption OR AWS Key Management Service. Thank you.

 

10 answers to this question


  • 0
Posted
21 minutes ago, siteAdmin said:

@Licensecart

Thanks for the reply.

Any idea on Q's 2 & 3?

Sorry, I can't help on that since I don't modify system stuff :) I just use MariaDB and leave it at that.

  • 0
Posted
1 hour ago, siteAdmin said:

Obviously I have many questions. But my main questions are 1) if V4 will support MariaDB 10.1.18 and 2) if V4 will have any feature to support MariaDB's data-at-rest encryption OR AWS Key Management Service. Thank you.

I have no experience with MariaDB's data-at-rest encryption or AWS key management service (I assume that's related to db encryption?). Are there any special requirements? According to https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/, it seems like the application would be responsible for setting encryption on the tables. If so, then it would be unsupported.

  • 0
Posted

@Paul

Thanks for the reply.

Yes, it is related to the db encryption and there is one good advantage (over AES encryption/decryption) on that feature. Don't want to go into too many technical details here as it is a server security related issue.

BTW, does Blesta have a feature to encrypt all the fields or just a few selected fields by default? However, I have noticed that custom fields do have the option to encrypt. And one more question: can these custom fields (whether encrypted or not) be included in webhooks?

 

  • 0
Posted

Re MariaDB data-at-rest encryption or AWS Key Management Service, one can select the tables/spaces either to be encrypted or not. So, if that can happen on Blesta, then there won't be any chance for any hacker to change db content. It is possible that someone can delete the data but not read it. AWS KMS can rotate the keys, and they are kept away from the app, so it makes it impossible to crack.

  • 0
Posted
25 minutes ago, siteAdmin said:

@Paul

Thanks for the reply.

Yes, it is related to the db encryption and there is one good advantage (over AES encryption/decryption) on that feature. Don't want to go into too many technical details here as it is a server security related issue.

BTW, does Blesta have a feature to encrypt all the fields or just a few selected fields by default? However, I have noticed that custom fields do have the option to encrypt. And one more question: can these custom fields (whether encrypted or not) be included in webhooks?

 

Blesta encrypts data with a one-way bcrypt hash, and the modules set the encryption of services etc., and for custom fields and the universal module you can set the fields to be encrypted.

  • 0
Posted

Well, I have not yet seen the database fields of a Blesta db. Once v4 is released I shall get one and see how best it can be customized to implement MariaDB's data-at-rest encryption method. Having the key stored in the config file is not going to do much in today's hackers' world. :)

  • 0
Posted

Certain fields are encrypted automatically, but modules and plugins can define which fields to encrypt. Because search operations cannot be performed on encrypted data, we usually don't recommend encrypting all fields, but that's a decision the developer should make.

This page should give you a basic understanding of what is encrypted in Blesta and how it's performed: https://docs.blesta.com/display/user/Encryption

  • 0
Posted
8 minutes ago, Paul said:

Certain fields are encrypted automatically, but modules and plugins can define which fields to encrypt. Because search operations cannot be performed on encrypted data, we usually don't recommend encrypting all fields, but that's a decision the developer should make.

This page should give you a basic understanding of what is encrypted in Blesta and how it's performed: https://docs.blesta.com/display/user/Encryption

Thanks for that.
