Skip site navigation (1) Skip section navigation (2)

Re: Database Encryption (now required by law in Italy)

From: Dave Ewart <Dave(dot)Ewart(at)cancer(dot)org(dot)uk>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-05 12:08:02
Message-ID: 20040305120802.GJ13042@nemesis.ox.icnet.uk (view raw or flat)
Thread:
Lists: pgsql-admin
On Friday, 05.03.2004 at 11:17 +0000, Matt Clark wrote:

> > What's wrong with using a LoopAES filesystem?  It protects against
> > someone walking off with the server, or at least the hard disk, and
> > being able to see the data.
> 
> Yes, but only if the password has to entered manually [1] at boot
> time.  And it gives zero protection against someone who gains root
> access to the server.
> 
> [...]
>
> [1] There are ways of avoiding having to enter the info manually, but
> they're very tricky to implement securely.

Not sure I follow this - there's no point AT ALL in using LoopAES if you
can mount the encrypted partitions without needing manual intervention
at boot time.

Dave.
-- 
Dave Ewart
Dave(dot)Ewart(at)cancer(dot)org(dot)uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370


In response to

Responses

pgsql-admin by date

Next:From: Dave EwartDate: 2004-03-05 12:12:54
Subject: Re: Database Encryption (now required by law in Italy)
Previous:From: Dave EwartDate: 2004-03-05 12:06:48
Subject: Re: Database Encryption (now required by law in Italy)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group