2

Context: Rackspace CloudServers.

The options I can find are rather slim. Amazon will encrypt the whole disk (meh), Gazzang could encrypt a virtual partition with just the DB files on it (if the company was still around), I could encrypt the data at the column level (no good, can't search)... or I could use MariaDB.

I desperately want MySQL 5.7.9's JSON column, but it seems like MariaDB is my only good encryption option.

Is there a good option other than MariaDB for table-level encryption? Is MariaDB's encryption a good solution? Is at-rest encryption in a cloud environment really worth it?

Scott C
  • 211
  • 2
  • 5
  • MariaDB supports dynamic columns including a json format (`COLUMN_JSON`) + tablespace encryption. MariaDB is also faster and more stable, I have abondoned native MySQL several years ago (in business and private) and I didn't regret it. 1. MariaDB 2. Percona 3. native MySQL – Daniel W. Oct 21 '15 at 11:05
  • Btw. [Colin Charles has been talking](https://www.codetalks.de/2015/programm/security-for-mariadb-mysql-mariadb-mysql-security-essentials) about all this and if you really need a GOOD answer, go and try to contact him (he is a MariaDB developer). – Daniel W. Oct 21 '15 at 11:07
  • 1
    For your last question, see http://serverfault.com/a/484715/126632 – Michael Hampton Oct 21 '15 at 11:24
  • It looks like MariaDB is planning on using MySQL 5.7's JSON. https://speakerdeck.com/rasmushoj/mariadb-roadmap-session?slide=4 – Scott C Oct 21 '15 at 12:34

1 Answers1

1

As hinted to in the comments to the question, MariaDB was planning to implement a JSON data type, and indeed they now have (sort of). As of MariaDB 10.2.7 there is now a JSON data type (which is an alias for LONGTEXT). See the MariaDB documentation for details.

As of MySQL 5.7.11 there is also a InnoDB tablespace encryption feature. MariaDB has supported at-rest encryption since version 10.1.3.

The Percona Blog did a comparison of MariaDB and MySQL at-rest encryption back in 2016. In my view MariaDB comes out favourably here as it can encrypt not only tables, but also redo/undo logs, binary/relay logs. Note that while Percona Xtrabackup doesn't support MariaDB's encryption, MariaDB Backup (a fork of Xtrabackup) does.

dbdemon
  • 161
  • 6