| From: | "Jules Alberts" <jules(dot)alberts(at)arbodienst-limburg(dot)nl> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Securing sensitive information |
| Date: | 2002-08-29 13:47:14 |
| Message-ID: | 200208291351.g7TDpISM027949@artemis.cuci.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 29 Aug 2002 at 20:42, Jean-Christian Imbeault wrote:
> I've scoured the web and can't seem to find any definitive on how to
> secure sensitive information in a DB, postgresQL in particular.
>
> Most suggestions rely upon encrypting the data. This is all fine and
> well except for the one nagging question I keep having: how do you
> protect the password that is needed to decrypt the data? Maybe I'm
> missing something?
>
> Can anyone recommend any good web documents on how to secure sensitive
> information?
I haven't really looked into it, but will have too some day. Our db
will be running postgresql and will contain medical data.
AFAIK there is an encryption module in contrib, I have no idea how it
works though. Also, make sure any connections made to the database are
secure (there's a built-in SSL if you compiled correctly). Other
options are OpenSSL and stunnel. A google on these keywords +
postgresql should be your friend.
--
Jules Alberts.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-08-29 13:56:44 | Re: BUG?: timestamp without TZ created as timestamp *with* TZ |
| Previous Message | Jean-Christian Imbeault | 2002-08-29 13:39:24 | BUG?: timestamp without TZ created as timestamp *with* TZ |