Along with AES_ENCRYPT for the fields, if you are storing sensitive information, better enable SSLover the wire too. Also consider network separation (vlan) of the sensitive database machines and other standard security practices. Key storage is important (where is that shared aes key hanging out, surely not on the webserver(s)!) and consider the impact on indexes/queries since searching or joining table data will not be as simple as it once was.

除了字段的 AES_ENCRYPT 外，如果您要存储敏感信息，也最好通过网络启用 SSL。还要考虑敏感数据库机器的网络分离 (vlan) 和其他标准安全实践。密钥存储很重要（共享 aes 密钥在哪里，肯定不在网络服务器上！）并考虑对索引/查询的影响，因为搜索或连接表数据不会像以前那样简单。

There are (at least) two approaches actually. You can encrypt data stored in your tables (using EAS/DES functions for example http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html)

实际上有（至少）两种方法。您可以加密存储在表中的数据（使用 EAS/DES 函数，例如http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html）

Or you can use encrypted hard disk partition to store your data folders (for example with TrueCrypt)

或者您可以使用加密的硬盘分区来存储您的数据文件夹（例如使用 TrueCrypt）

What's the value of encrypting the database at the field level? Is this what you really want, or will it be sufficient to encrypt at the OS or SAN level? Do you plan to roll-over the keys, or just keep the same encryption key for eternity? Will encryption break table indexes, references or field types? How will you share the encryption key across a database cluster?

在字段级别加密数据库的价值是什么？这是您真正想要的，还是在 OS 或 SAN 级别进行加密就足够了？您打算滚动密钥，还是永远保留相同的加密密钥？加密会破坏表索引、引用或字段类型吗？您将如何跨数据库集群共享加密密钥？

I'm only raising these points because database encryption is usually something management wants, but no-one really can explain the value-add or how it will be implemented...

我只是提出这些观点，因为数据库加密通常是管理层想要的，但没有人真正能解释增值或如何实施......

Think what you try to achieve with the encryption? There's no simple secure solution unfortunately.

想想你试图通过加密实现什么？不幸的是，没有简单的安全解决方案。

Remember that the key you are using for encryption can be fetched from your code. So from hacker perspective, getting around that encryption is quite easy. You need to think your architecture and infra as well.

请记住，您用于加密的密钥可以从您的代码中获取。所以从黑客的角度来看，绕过加密是很容易的。您还需要考虑您的架构和基础设施。

First of all, only data encryption is not the answer.

首先，只有数据加密不是答案。

You should know and control "Who can access and accessed data".

您应该知道并控制“谁可以访问和访问数据”。

Although you encrypt data itself, attacker can get the encrypted data. To prevent it, you should control the access privilege or authority. Also, you should know who accessed encrypted data. Because in these days, data can be stolen by not only external users, but also internal users.

尽管您对数据本身进行了加密，但攻击者可以获得加密的数据。为了防止它，您应该控制访问权限或权限。此外，您应该知道谁访问了加密数据。因为在这些日子里，不仅外部用户可以窃取数据，内部用户也可以窃取数据。

You should encrypt data, control privilege and audit who accessed.

您应该加密数据，控制权限并审核访问者。

In those days, those three(3) technology have been developed in each way. Most companies have bought each solutions.

在那些日子里，这三 (3) 项技术已经在各个方面得到发展。大多数公司都购买了每种解决方案。

But for personal user, it is hard to buy it and build those environment itself. In addition, MySQL's Encryption Function doesn't provide those functions.

但是对于个人用户来说，很难购买并自行构建这些环境。此外，MySQL 的加密功能不提供这些功能。

I would you like to review this linkthat provides those three(3) functions.

我你想查看这个链接，提供的三（3）功能。

In my experience, it can provide certain security.(I'm CISO of SME.)

根据我的经验，它可以提供一定的安全性。（我是中小企业的 CISO。）