Open Dental Forum

Is there a way to protect a mysql database with a password? I would like to avoid that someone not authorized copy our database on a usb stick for example and leaves with sensible information that can be easily restored and used anywhere. The root password in MySQL seems to be stored at the server level, and not with the database from what I have seen.

Thanks.

Yes. http://www.opendental.com/manual/mysqlsecurity.html
But you would also need to:
1. Physically restrict access to the server.
2. Not share the mysql folder on the network.
3. Use our web service middle tier: http://www.opendental.com/manual/webservice.html
It's not that hard, but it does take some effort and there's a lot that can go wrong. Smaller offices don't usually bother.

Thanks Jordan for your detailed reply. One more question though:

What would happen if someone copied one of the database backups for example (or simply copied the Open dental data folder): would it then be possible for them to restore the database on another machine equipped with MySQL and access the data using Navicat for example, and thus bypass the Myssql password in the xml file mentioned in the security page?

I believe that scenario is possible. So it's important to keep the access to the database files nice and tight. However, if they were to copy over your grant tables and overwrite their own, the password would still stand (at least I'm pretty sure... they might have to restart their service for that to be true). Moral of story, don't go to bed at night with your garage door open. If done correctly, steps one and two of Dr. Spark's post will let you sleep soundly at night.

How would they copy those files in the first place? They don't have the key to the server room (see #1 above), and they can't get to it via a shared folder (see #2 above). So yes, you do need to protect that folder and your backups, both physically and digitally.

Do you know of any dongle or usb hardware that can be used to protect the software? I remember a database software I had that used a dongle. If the dongle wasn't connected the software would not run. I was wondering if there was such a thing that would impede copying the database folders or even running the software.
Jorge Bonilla, DMD

Jorgebon,

I think that is one of the things that make OpenDental great: no lock-ins, dongle being one of those lock-ins.
You lose or break the dongle, you gotta call in and pay $1000. A thousand bucks a bit much you say? Do you have a choice?

Besides, having a dongle isn't going to make me feel any more secure. What if your disgruntled employee steals your dongle? You'd have down time then right? So the solution would be to physically secure your server with said dongle right? You are right back to square one.

Just sayin'

Possible solution. See if this works for your needs:

1) Put your database in a Truecrypt container (truecrypt.org)
2) Create a job in the Task Scheduler to run Truecrypt at 8AM (or whatever time you open the office) which opens up the database (you can do this automatically or require manual password input
3) Task Scheduler also runs mysql so OD can work
4) Task Scheduler shuts down mysql, shuts down the Truecrypt container at office closing time.

This way your physically unsecured server's database could only be copied during work hours by those who physically touch that server.

I don't see why this wouldn't work although I didn't test it.

Another thing, truecrypt is open source. That means Jordan and co. could include it in OD to encrypt/decrypt the database on the fly.

I have been looking at these.. They look cool.
http://biocryptodisk.com/