Alle 22:16, domenica 7 marzo 2004, matt(at)ymogen(dot)net ha scritto:
> The EU directive (and therefore the laws of indiviual countries) requires
> that if someone gets access to your *DATABASE* they cannot get personal
> details of individuals out of it. That is all. It is intended to protect
> people against the kind of idiotic organisations that put their customer
> lists in an Excel sheet on their extranet without a password.
> This thread has covered many interesting and diverting issues, but the
> fundamental issue of legal compliance is more than satisfied by:
> 1) Encrypting 'personal information' stored in a DB
Fine! Now tell me: how do you perform such encryption on PostgreSQL? Using
pgcrypto and suppling your password from external (PHP, Python) code? Where
do you store this password? In a config.php file? How many different
encryption/decryption programs/implementations/logics are you willing to have
on your "n" PostgreSQL servers? How do you maintain them (after the original
programmers are gone)?
Using a few commercial RDBMS, it is just a matter to switch the encryption
feature on and supply the required password each time you start the RDBMS
service up. Unfortunately, PostgreSQL does not supply us with such a
comfortable feature. So, how many commercial licenses of your favorite
commercial RDBMS are you willing (or can you afford) to buy to replace all
your PostgreSQL servers? How much time (programmer's working hours, each at
50 Euro average cost) are you willing to invest in converting your
PostgreSQL databases to SQL Server, for example?
I'm perfectly aware that law is clear and simple. Nevertheless, its
> 2) Keeping the keys on a different server than the DB
Fine. How and when do you supply the password to the encryption/decryption
process? On demand? At postmaster init time? Using which channel/method?
XML-RPC? SOAP? How do you protect them from a hacker's program that tries to
impersonate the legitimate encrypting program and ask for it?
Once again, Devil is in the details...
> 3) Making reasonable efforts  to keep those keys secrets
>  As far as I can tell from discussions with the Data Protection
> Registrar, you do not have to protect them against someone rooting the app
> server (since that is essentially impossible without silly investments in
> specialised hardware or other excessive costs).
What does "reasonable" mean? We defined already that we are not forced to
replace Police in fighting organized crime but we still have to define a lot
of details. For example: 15.000 euro for a new database license and the
porting of data is a "silly investemen" or a "reasonable investement"? Read
the italian law and you will get surprised from the answer.
Again, I'm sorry to bother you all with such details. Just give me a solution
(that is: a PostgreSQL database encryption method I can actually use) and I
will let you alone.
Alessandro Bottoni and Silvana Di Martino
In response to
pgsql-admin by date
|Next:||From: Amit Kush||Date: 2004-03-08 10:12:22|
|Subject: Re: Help! Regarding Pg for posgreSQL|
|Previous:||From: Peter Galbavy||Date: 2004-03-08 09:32:55|
|Subject: Re: Database Encryption (now required by law in Italy)|