>Is there a way to protect data files from access by root ?
Encryption. However, this only works if you *NEVER* have unencrypted
data on any host (or network) that this administrator controls. It
might be an acceptable setup if this admin is storing encrypted
backups (which are encrypted on the active site, then sent to the
backup archival system). You can protect from the admin of the
backup archival system; you can't protect against the active site
admin.

It makes it harder for the admin if the password to decrypt the
data has to be entered by the web page user. This means "authorized
users only", and you can't run things like a public forum site this
way. Of course, the admin could modify Apache to log passwords and
parameters passed to web pages.

Little story from long ago: I once rigged up a version of cron
that read an encrypted crontab, with something like popen("cat
crontab | decrypt key", "r"). I challenged a co-admin to figure
out what it was doing. After a couple of weeks, he said "Go look
at what I did to your secret file". He had done nothing, BUT he
got me to decrypt the file. He had modified the system decrypt
routine to log keys. Then he handed me a printout of the file the
next day.

>I have a data-centered website and would like to protect data piracy
>from any foot-loose hosting company employee.
>Any ideas?

If you are talking about a combination web site/database hosting,
where the web site has to use the (unencrypted) data, it's nearly
impossible. The web site has to have the keys to decrypt the data,
and that info is on the system where the admin can get at it. It
might help a little if the web site and the database site are under
different administrative control (and perhaps in different countries).
Still, the web site MUST have the info needed to access the database.

It is still a good idea to encrypt certain fields of your database
(such as credit card numbers), in case parts of the data, like an
old database backup WITHOUT all the web content also, end up in a
dumpster where someone finds it. Also, should you end up in court,
encrypting the credit card numbers demonstrates that you made SOME
effort to protect them against, say, the database being accidentally
made downloadable from the web site and Google indexing it.

Gordon L. Burditt
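
The encrypted-backup arrangement described in the reply above, as an added example that is not part of the original post: the active site holds only a public certificate, so the archival system stores ciphertext its admin cannot decrypt, while the active-site admin still sees the plaintext dump. It assumes the `openssl` command-line tool is installed; the file names, the `/CN` value and the sample dump are constructed.

```sh
#!/bin/sh
# Added example (not from the post). Names, /CN and sample data are constructed.
set -eu

# OFFLINE machine, once: create the recovery key pair in directory $1.
# Only backup-cert.pem (the public half) is ever copied to the active site.
make_recovery_key() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=backup-recovery-demo" \
        -keyout "$1/backup-key.pem" -out "$1/backup-cert.pem" 2>/dev/null
}

# ACTIVE site: encrypt dump $1 to public cert $2, writing ciphertext $3.
# CMS EnvelopedData with CBC gives confidentiality only, not tamper detection.
encrypt_backup() {
    openssl cms -encrypt -binary -aes-256-cbc -outform DER \
        -in "$1" -out "$3" "$2"
}

# OFFLINE machine, at restore: decrypt $1 with the key pair in $2 into $3.
decrypt_backup() {
    openssl cms -decrypt -binary -inform DER -in "$1" \
        -recip "$2/backup-cert.pem" -inkey "$2/backup-key.pem" -out "$3"
}

# Round trip with three directories standing in for the three hosts.
demo() {
    work=$(mktemp -d)
    mkdir "$work/offline" "$work/active" "$work/archive"
    make_recovery_key "$work/offline"
    cp "$work/offline/backup-cert.pem" "$work/active/"
    printf 'id,card\n1,4111111111111111\n' > "$work/active/dump.csv"
    encrypt_backup "$work/active/dump.csv" "$work/active/backup-cert.pem" \
        "$work/archive/dump.csv.cms"
    ok=0
    # What the archive admin holds must not contain the card number.
    grep -a -q 4111111111111111 "$work/archive/dump.csv.cms" && ok=1
    decrypt_backup "$work/archive/dump.csv.cms" "$work/offline" "$work/restored.csv"
    cmp -s "$work/active/dump.csv" "$work/restored.csv" || ok=1
    rm -rf "$work"
    return "$ok"
}

demo && echo "round trip ok: archive copy is ciphertext, offline key restores it"
```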