Other consequences of FileVault only encrypting $HOME
Authored by: caitifty on Dec 29, '06 11:39:47AM

I use my Mac laptop in a medical setting which requires the use of a MySQL database containing sensitive medical information. FileVault only encrypts $HOME, and MySQL by default stores data in /usr/local. The solution to this (and other security problems where software stores sensitive data outside $HOME) is to move the directory containing the actual data to somewhere inside $HOME and symlink back to where the software expects to find it. In my MySQL example (and keep in mind this is specific to my exact version of MySQL), this means:

sudo /Library/StartupItems/MySQLCOM/MySQLCOM stop
(to stop MySQL before screwing with it..)

mkdir ~/sensitivedata

sudo mv /usr/local/mysql-standard-5.0.22-osx10.4-powerpc/data ~/sensitivedata/

sudo ln -s ~/sensitivedata/data/ /usr/local/mysql-standard-5.0.22-osx10.4-powerpc

sudo /Library/StartupItems/MySQLCOM/MySQLCOM start
(to restart the server)

The other big pain from this is that setting MySQL to automatically start on startup will no longer work - it'll try and start while the data files are still encrypted and fail. Easy enough to start it by hand (or your own script) after you're fully logged in, but still..

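The comment above notes that the server fails if it starts before the encrypted home directory is available, and suggests starting it from your own script. As an added example (not part of the original comment), here is a start wrapper that first checks that the relocated data directory is a symlink resolving inside the home directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original comment.

# resolve_dir PATH: print the physical (symlink-free) path of a directory.
# Fails if PATH does not resolve to a directory, e.g. a dangling symlink
# left behind while the encrypted home is not mounted.
resolve_dir() {
    [ -d "$1" ] || return 1
    (cd -P "$1" 2>/dev/null && pwd -P)
}

# check_datadir LINK HOME_DIR
#   0  LINK is a symlink whose target exists inside HOME_DIR
#   1  LINK is not a symlink (data still lives outside the home directory)
#   2  target or HOME_DIR is not available (home not mounted yet)
#   3  target resolves outside HOME_DIR (not covered by the encryption)
check_datadir() {
    link=$1
    [ -L "$link" ] || return 1
    target=$(resolve_dir "$link") || return 2
    home=$(resolve_dir "$2") || return 2
    case "$target/" in
        "$home"/*) return 0 ;;
        *) return 3 ;;
    esac
}

# start_if_ready LINK HOME_DIR START_CMD...
# Runs START_CMD only when check_datadir passes; otherwise explains why not.
start_if_ready() {
    link=$1; home_arg=$2; shift 2
    rc=0
    check_datadir "$link" "$home_arg" || rc=$?
    case $rc in
        0) "$@"; return ;;
        1) echo "$link is not a symlink; data is outside the home directory" >&2 ;;
        2) echo "$link target is not available yet; log in first" >&2 ;;
        3) echo "$link resolves outside $home_arg" >&2 ;;
    esac
    return "$rc"
}
```

With the paths from the comment, the call would be `start_if_ready /usr/local/mysql-standard-5.0.22-osx10.4-powerpc/data "$HOME" sudo /Library/StartupItems/MySQLCOM/MySQLCOM start`.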