| From: | Radu-Adrian Popescu <radu(dot)popescu(at)aldratech(dot)com> |
|---|---|
| To: | Mitch Pirtle <mitchy(at)spacemonkeylabs(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Database Encryption (now required by law in Italy) |
| Date: | 2004-03-05 18:46:16 |
| Message-ID: | 4048CAF8.7030205@aldratech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mitch Pirtle wrote:
| Dave Ewart wrote:
|
|> If you find any 'automated' front-end to do this at the
|> database-level, rather than something like loopback at the
|> filesystem level or at the field level for specific fields, I
|> think there would be a lot of interest.
|
|
| But that is the problem, isn't it? Any 'automated'
| encryption/decryption will be just as useful to the would-be
| perpetrator of data theft. This is like having an automatic alarm
| system on your car that works for anyone that walks up to it.
|
| The same logic applies to encrypting the data in the database -
| somewhere on your server the application has to know how to decrypt
| it, and that means anyone that gains access to your server will
| have that ability also... I understand (and demand) requiring SSL
| connections for database clients, and MD5 hashing of passwords
| before storing in the database, but implementing two-way encryption
| of database data just doesn't make sense to me.
|
| -- Mitch
|
| ---------------------------(end of
| broadcast)--------------------------- TIP 1: subscribe and
| unsubscribe commands go to majordomo(at)postgresql(dot)org
|
|
My point and I think Mitch's point is this: if you use the data when
you receive it, and then encrypt it and store it, then you offer
nothing to a possible intruder
and are safe and sound, provided that you use a PKI scheme, where your
application has only the public key that it encrypts with.
If you also take data out and decrypt it, then you must do so in a
manner that does not compromise the system. That is, transfer the needed
data to a known to be safe location, such as the computer in front of
you, and decrypt it there. At all times, except when you use the data
at another
location, the secret (decryption) key does not reside anywhere near
the data. If someone stole your hard disk, they can make really good
use of it
by storing porn flics over your DB, but they can never, ever retrieve
that data.
Cheers,
- --
Radu-Adrian Popescu
CSA, DBA, Developer
Aldratech Ltd.
+40213212243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFASMr4VZmwYru5w6ERAhLFAJ9oLXaahBMEZelYcdjzMIcr+vnLfQCffRbf
WoSqd/9IZRmyrtVWwRzBEgw=
=wN4g
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Ruprecht | 2004-03-05 18:59:28 | Re: Database Encryption (now required by law in Italy) |
| Previous Message | Bruno Wolff III | 2004-03-05 16:44:27 | Re: Database Encryption (now required by law in Italy) |