Skip site navigation (1) Skip section navigation (2)

Re: [PHP] Secure DB Systems - How to

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>
Cc: Sarah Tanembaum <sarahtanembaum(at)yahoo(dot)com>,pgsql-php(at)postgresql(dot)org, pgsql-admin(at)postgresql(dot)org,pgsql-hackers-win32(at)postgresql(dot)org, pgadmin-support(at)postgresql(dot)org,pgsql-sql(at)postgresql(dot)org
Subject: Re: [PHP] Secure DB Systems - How to
Date: 2004-07-13 12:38:17
Message-ID: 20040713123817.GB3710@wolff.to (view raw or flat)
Thread:
Lists: pgadmin-supportpgsql-adminpgsql-hackers-win32pgsql-phppgsql-sql
On Tue, Jul 13, 2004 at 11:35:57 +0200,
  Daniel Struck <struck(dot)d(at)retrovirology(dot)lu> wrote:
> > Keeping the system administrator from seeing the data while making it
> > searchable is difficult. To do this you need to encrypt the data on
> > the client side using a key the client has (and this key has to be
> > protected from loss) and the only searches you can do are equality
> > searches using a hash or encrypted value.
> 
> You can also perform regex searches.

If you decrypt the data on the database, the sysadmin can see it.
If you are willing to take that chance (e.g. if you primary concern is
some third party getting a snapshot of the DB), then you can do lots of
things.

In response to

Responses

pgsql-php by date

Next:From: Daniel StruckDate: 2004-07-13 13:18:38
Subject: Re: [PHP] Secure DB Systems - How to
Previous:From: Daniel StruckDate: 2004-07-13 09:35:57
Subject: Re: [PHP] Secure DB Systems - How to

pgsql-admin by date

Next:From: Jim SeymourDate: 2004-07-13 13:10:04
Subject: Re: Slony NG
Previous:From: Bruno Wolff IIIDate: 2004-07-13 12:35:35
Subject: Re: Slony NG

pgadmin-support by date

Next:From: Daniel StruckDate: 2004-07-13 13:18:38
Subject: Re: [PHP] Secure DB Systems - How to
Previous:From: Daniel StruckDate: 2004-07-13 09:35:57
Subject: Re: [PHP] Secure DB Systems - How to

pgsql-hackers-win32 by date

Next:From: Merlin MoncureDate: 2004-07-13 12:51:13
Subject: Re: PostGre and Windows XP
Previous:From: Daniel StruckDate: 2004-07-13 09:35:57
Subject: Re: [PHP] Secure DB Systems - How to

pgsql-sql by date

Next:From: Bob ArensDate: 2004-07-13 12:56:00
Subject: Query plan discrepancies
Previous:From: vaibhav singhDate: 2004-07-13 11:40:20
Subject: [ocpfree] Query Optimization Help Needed.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group