From: | Richard Broersma <richard(dot)broersma(at)gmail(dot)com> |
---|---|
To: | Craig James <craig_james(at)emolecules(dot)com> |
Cc: | Kris Deugau <kdeugau(at)vianet(dot)ca>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: secret key for encryption |
Date: | 2010-07-16 17:33:07 |
Message-ID: | AANLkTinpzpG7WNv267p-gSloB-ARyndqAFf0TwH-fgeW@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Fri, Jul 16, 2010 at 10:26 AM, Craig James
<craig_james(at)emolecules(dot)com> wrote:
> On 7/16/10 10:14 AM, Kris Deugau wrote:
>>
>> Craig James wrote:
>>>
>>> This isn't exactly a Postgres question, but I hope someone in the
>>> community has solved it.
>>>
>>> I want to encrypt some data in Postgres that arrives from Apache. How
>>> do you store an encryption key in such a way that Apache CGIs can get
>>> it, but a hacker or rogue employee who manages to access the machine
>>> can't find out the encryption key?
>>
>> Short answer: You don't.
>>
>> Longer answer: You can tie things up with public-key encryption so that
>> a different system can retrieve the data, but the system that put it in
>> can't because it only has the public (encryption) key, not the private
>> (decryption) key.
>>
>> Even that isn't safe from a rogue employee - what if that rogue is your
>> seniour sysadmin with full root access on all your systems?
>
> If we assume no escalation of priviliges, that is, Apache stays apache and
> users can't escalate to root, what then?
>
> This must be a solved problem. Credit-card numbers are required to be
> encrypted by law. It wouldn't make sense for them to be encrypted but then
> find that the password is sitting around where anyone can find it. There
> must be any number of Postgres users who store encrypted credit card numbers
> and other personal data. How do they solve this problem?
Bruce has a presentation on this subject:
http://momjian.us/main/writings/pgsql/securing.pdf
Although, I don't know if it has an illustration that exactly matches
your problem.
--
Regards,
Richard Broersma Jr.
Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug
From | Date | Subject | |
---|---|---|---|
Next Message | ENGEMANN, DAYSE | 2010-07-16 17:33:42 | How to move a database from HP server to Linux Server that had already one database. |
Previous Message | Craig James | 2010-07-16 17:26:35 | Re: secret key for encryption |