Storing Sensitive Information with MySQL

Do you store personal information in your database?
Do you keep valuable financial data such as credit card numbers?
Are there medical records in your database?
Do you do business in Europe where privacy laws place strict limits on the information stored in your database?
Do you worry about hackers and dishonest clerks abusing your data?

If you need to take special precautions with information, then this course is for you. The curriculum uses a dozen case studies to show you how to go above and beyond the traditional access controls to provide true security. The case studies are based on actual problems encountered by database administrators and the solutions use novel techniques to lock out eavesdroppers, hackers, traitorous clerks, and anyone else without a right to see the information.

Each participant will get a complimentary copy of "Translucent Databases", a book focusing on creating databases that balance the need to shield sensitive information without preventing legitimate use. The book comes with numerous examples using MySQL and Java. Participants also receive a royalty-free license to use the source code in the examples.

Upcoming Sessions

Course Details

The course is broken into short modules followed by plenty of time for discussion and questions. We will be in constant contact with MySQL developers and we guarantee that all questions will be answered. Each participant also receives a copy of the course slides.

Some of the major modules:

• An introduction to the dangers of databases.
• How building "translucent databases" can avoid the dangers and protect the information.
• Creating a central database that is secure even if an attacker finds the root password to the database or the operating system.
• How one-way functions like MD5 can obscure information without destroying it.
• How to design encryption functions to hide information without exposing it to eavesdroppers, errant clerks, and malicious attackers.
• How to quantize information and strip away sensitive information without destroying all value to the data.
• How to create accounting systems to track the flow of money without exposing this information to abuse.
• How to add spurious entries to confuse eavesdroppers without detering authorized users.

Some of the case studies:

• A credit card database that locks out suspicious customers without making information available to untrustworthy clerks.
• A database that stores the locations of naval ships in a way that keeps them safe from harm.
• An anti-rape database that identifies trends without containing any personal information.
• A babysitter scheduling service that matches parents with available sitters while protecting the sitters' identities and locations.
• A department store database that guards the modesty of customers.
• A private accounting system that detects fraud without revealing information.
• A poker game for the Internet that prevents cheating.
• A pharmacy database for preventing dangerous drug interactions while keeping medical records secure.
• A tool for travel agents to protect their clients from stalkers and kidnappers.
• A stock exchange transaction mechanism designed to stop insider-trading.
• A website logfile tool that provides accurate counts of visitors while protecting their identities.
• A credit-card database for defending crucial e-commerce transactions.
• A patent search tool that doesn't reveal the nature and focus of the search.
• A conference bulletin board that routes messages without helping stalkers.
• A tool for studying the radon concentration in homes without maintaining personal information.
• An anti-money laundering database.

All of the case studies come with solutions crafted from MySQL and Java. All participants get royalty-free licenses to use the code in their businesses. Taking the course can be faster than coding the solutions yourself!

About the instructor:

Peter Wayner is the author of ten books including Translucent Databases, Disappearing Cryptography, Digital Cash, Free for All, Java and Javascript Programming, and Data Compression.