Re: Database Encryption (now required by law in Italy)

From: Lamar Owen <lowen(at)pari(dot)edu>
To: "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>
Cc: Silvana Di Martino <silvanadimartino(at)tin(dot)it>, Alex Page <alex(dot)page(at)cancer(dot)org(dot)uk>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-06 13:55:12
Message-ID: 200403060855.12265.lowen@pari.edu
Lists: pgsql-admin

On Friday 05 March 2004 03:34 pm, scott.marlowe wrote:
> Sorry, but that's the wrong answer. Once someone has root on a unix box
> he can do ANYTHING he wants, and he can cover his tracks.

This is what things like the capabilities system and SELinux are designed to
prevent in the Linux world. As Fedora Core 2 will ship with SELinux
installed and enabled, it will become much more difficult for someone to
randomly get root and do damage. It is quite simple with SELinux to prevent
any of the attacks you mentioned. Root is no longer root. Things on an
SELinux system, or a system fully implementing the kernel capabilities model,
can indeed be locked away from root, at least in network attached multiuser
mode. This does, of course, make maintenance of the data more difficult; one
must be at the console in a special mode to do full maintenance. But someone
remotely cracking root no longer is the threat they once were, when some
system like SELinux is in use.
--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu
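
The capabilities half of the point made in the message above, as an added example that is not part of the original e-mail: it reads the `Uid`, `CapEff` and `CapBnd` fields of `/proc/<pid>/status` and reports which file-access and tamper-relevant capabilities a uid-0 process still holds. The `RISKY` selection, the function names and the three status samples are assumptions constructed for illustration; SELinux policy is not modelled here.

```python
# Added example. Bit numbers are from <linux/capability.h>; the status
# snippets are constructed samples, not captured from a real host.
RISKY = {
    1: "CAP_DAC_OVERRIDE",      # bypass file permission checks
    2: "CAP_DAC_READ_SEARCH",   # read any file, search any directory
    9: "CAP_LINUX_IMMUTABLE",   # clear append-only/immutable file flags
    16: "CAP_SYS_MODULE",       # load kernel modules
    17: "CAP_SYS_RAWIO",        # raw I/O port and /dev/mem access
    19: "CAP_SYS_PTRACE",       # trace arbitrary processes
    21: "CAP_SYS_ADMIN",        # mount, and much else
}

FULL_ROOT = ("Name:\tbash\nUid:\t0\t0\t0\t0\n"
             "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n")
# uid 0, but only CAP_SETGID (6), CAP_SETUID (7), CAP_NET_BIND_SERVICE (10)
CONFINED_ROOT = ("Name:\tdaemon\nUid:\t0\t0\t0\t0\n"
                 "CapEff:\t00000000000004c0\nCapBnd:\t00000000000004c0\n")
# effective set emptied, bounding set left full
DROPPED_ONLY = ("Name:\tworker\nUid:\t0\t0\t0\t0\n"
                "CapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n")

def parse_status(text):
    """Extract effective uid and capability masks from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return {
        "euid": int(fields["Uid"][1]),          # real, effective, saved, fs
        "effective": int(fields["CapEff"][0], 16),
        "bounding": int(fields["CapBnd"][0], 16),
    }

def risky_caps(mask):
    """Names of the RISKY capabilities whose bit is set in mask."""
    return sorted(name for bit, name in RISKY.items() if mask >> bit & 1)

def assess(text):
    st = parse_status(text)
    return {
        "is_root": st["euid"] == 0,
        "usable_now": risky_caps(st["effective"]),
        # not effective now, but the bounding set does not rule them out
        "in_bounding_only": risky_caps(st["bounding"] & ~st["effective"]),
    }

if __name__ == "__main__":
    for label, sample in [("full", FULL_ROOT), ("confined", CONFINED_ROOT),
                          ("dropped", DROPPED_ONLY)]:
        print(label, assess(sample))
```

A uid-0 process whose bounding set also lacks these bits cannot acquire them through a later `execve`, which is the difference between the `confined` and `dropped` samples.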
