Re: Database Encryption (now required by law in Italy)

From: "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>
To: Silvana Di Martino <silvanadimartino(at)tin(dot)it>
Cc: Alex Page <alex(dot)page(at)cancer(dot)org(dot)uk>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-05 20:34:39
Message-ID: Pine.LNX.4.33.0403051333120.17467-100000@css120.ihs.com
Lists: pgsql-admin
On Fri, 5 Mar 2004, Silvana Di Martino wrote:

> At 19:38, Friday 5 March 2004, scott.marlowe wrote:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worrying: an unfaithful SysAdmin that copies your data and sells them to
> > > KGB. So, database encryption (and not disk encryption) is the _only_
> > > answer.
> >
> > the only way for this to work is for it to be a "two key system" like the
> > military uses for missile launch.
> >
> > One sysadmin as the "key" to the database box, but the data is encrypted
> > before being sent to the database box on another system with another admin
> > with another "key".  Preferably these two would never interact or know
> > each other.
> 
> Well, this is not necessarily true. Data maintainers and SysAdmins perform
> different tasks (according to Italian law):
> - SysAdmins take care of the hardware and of the software. They should never
> need to access data. They just need to access the RDBMS software and its
> configuration.
> - Just Data Maintainers need to access data.
> This should allow us to have two passwords for two different tasks. So, there
> is not any need to use the military scheme to enforce data security.

Sorry, but that's the wrong answer.  Once someone has root on a unix box
he can do ANYTHING he wants, and he can cover his tracks.  If the
encryption takes place on his box, he can attach to the process doing the
encryption and/or replace it with a trojan copy of his own and get your
data.  The ONLY way to keep the data secure is for it to be encrypted
elsewhere before it gets to the storage box.  If the box that stores it
encrypts it, the root user on that box can impersonate anyone and any
process on that box to get to the data in mid stream.