Re: Database Encryption (now required by law in Italy)

Alle 09:32, lunedì 8 marzo 2004, Peter Galbavy ha scritto:
> Perhaps, given the potential commercial necessities of this for larger
> organisations, find out what Oracle and IBM propose doing or have
> implemented ?

I do not know of IBM.

Oracle has a system similar to pgcrypto but more sophisticated. I do not know
if it can use encrypted indexes, encrypted dates and encrypted times (it is
likely but I did not tried, yet). It stores its "global encryption password"
into a system table in encrypted form. Only authenticated users can decrypt
data.

Something like that can be done with PostgreSQL, as well. The problem is that
I have to store somewhere a password in clear text (either the password used
to encrypt/decrypt data or the password used to decrypt this password).
Oracle has a built-in feature for encrypting/decrypting this password's
password.

> For strict comformance, you really should consult a local legal
> professional for their opinion, and be prepared to pay for that protection.

We are doing it. Unfortunately, our lawyer still have to discuss technical
problems with a technician (that is: me).

BTW: It looks like I'm the only one here facing this problem. That's
surprising, given the number of countries that have a law like the italian
one and the wide diffusion of PostgreSQL.

See you.
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it