Question
I am experimenting with AWS, creating a MySQL encrypted database. I have migrated a database there to test it with an application and noticed the data is completely readable although the configuration in AWS says the database is encrypted. I am just wondering if that is the way it should be. Doubt it. I connected using a MySQL standard client so I didn't expect it to be readable. Any clues on this would be great.
Answer 1:
An encrypted database simply means that the files on permanent storage are encrypted. They will have to be decrypted to be queried. The decrypted information then stays in memory to avoid enormous query times. Since you are using RDS you don't have access to the actual files at rest, so as far as I can tell this simply protects against someone with access to the disks but without access to the memory.
The old security adage applies: If your adversary has physical access all bets are off. It follows that if you want to secure your database contents you have to put it on a machine that only you have access to.
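The behaviour described in the answer above, as an added example that is not part of the original answer: a local SQLite file stands in for the RDS storage volume, and an HMAC-SHA256 keystream stands in for the AES-256 storage encryption (both are assumptions made so the demo runs offline with the standard library only). It shows that the bytes at rest hide the row while a normal SQL query still returns it in plaintext.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Stand-in storage cipher (assumption: not what RDS uses; a keystream built
# from HMAC-SHA256 keeps the demo stdlib-only). XOR makes it its own inverse.
def storage_xor(key: bytes, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    secret = "alice@example.com"   # constructed sample row
    key = os.urandom(32)           # plays the role of the storage key
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "engine.db")
        conn = sqlite3.connect(path)
        conn.execute("CREATE TABLE users (email TEXT)")
        conn.execute("INSERT INTO users VALUES (?)", (secret,))
        conn.commit()
        conn.close()
        with open(path, "rb") as f:
            raw = f.read()                 # what an unencrypted disk would hold
        at_rest = storage_xor(key, raw)    # what the encrypted volume holds
        os.remove(path)
        # The storage layer decrypts transparently when the engine reads the
        # file, so a client that is allowed to connect sees plaintext rows.
        loaded = os.path.join(tmp, "loaded.db")
        with open(loaded, "wb") as f:
            f.write(storage_xor(key, at_rest))
        conn = sqlite3.connect(loaded)
        row = conn.execute("SELECT email FROM users").fetchone()[0]
        conn.close()
    return secret.encode() in raw, secret.encode() in at_rest, row

if __name__ == "__main__":
    print(demo())
```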
Source: https://stackoverflow.com/questions/40719974/is-my-encrypted-aws-database-really-encrypted