Skip site navigation (1) Skip section navigation (2)

Re: [PHP] Secure DB Systems - How to

From: "Sarah Tanembaum" <sarahtanembaum(at)yahoo(dot)com>
To: pgsql-sql(at)postgresql(dot)org
Cc: pgsql-php(at)postgresql(dot)org, pgsql-admin(at)postgresql(dot)org,pgsql-hackers-win32(at)postgresql(dot)org, pgadmin-support(at)postgresql(dot)org
Subject: Re: [PHP] Secure DB Systems - How to
Date: 2004-07-12 21:48:34
Message-ID: ccuv7a$die$1@sea.gmane.org (view raw or flat)
Thread:
Lists: pgadmin-supportpgsql-adminpgsql-hackers-win32pgsql-phppgsql-sql
Thanks Bruno.

I see the potential challenge. If the field value is encrypted, how can
search be done for certain value? Do I have to seach for the encrypted
value? If so, what password or key should I use?

Thanks


"Bruno Wolff III" <bruno(at)wolff(dot)to> wrote in message
news:20040709152722(dot)GA20935(at)wolff(dot)to(dot)(dot)(dot)
> On Thu, Jul 08, 2004 at 11:49:36 -0400,
>   Sarah Tanembaum <sarahtanembaum(at)yahoo(dot)com> wrote:
> > I was wondering if it is possible to create a secure database system
> > usingPostgreSQL/PHP combination?
> >
> > I have the following in mind:
> >
> > I wanted to store all my( and my brothers and sisters) important
document
> > information such as birth certificate, SSN, passport number, travel
> > documents, insurance(car, home, etc) document, and other important
documents
> > imagined in the database.
> >
> > The data will be entered either manually and/or scanned(with OCR). I
need to
> > be able to search on all the fields in the database.
> >
> > We have 10 computers(5bros, 4sisters, and myself) plus 1 server with I
> > maintained. The data should be synchronize/replicate between those
> > computers.
> >
> > Well, so far it is easy, isn't it?
> >
> > Here's my question:
> >
> > a) How can I make sure that it secure so only authorized person can
> > modify/add/delete the information? Beside transaction logs, are there
any
> > other method to trace any transaction(kind of paper trail)?
>
> Keeping the system administrator from seeing the data while making it
> searchable is difficult. To do this you need to encrypt the data on
> the client side using a key the client has (and this key has to be
> protected from loss) and the only searches you can do are equality
> searches using a hash or encrypted value.
>
> The system administrator can always delete the data.
>
> If you store which user has access to a row in the row, you can use views
> to control access to the rows for people other than  the system
administrator.
>
> > b) How can I make sure that no one can tap the info while we are
entering
> > the data in the computer? (our family are scattered within US and
Canada)
>
> Use SSL.
>
> > c) Is it possible to securely synchronize/replicate between our
computers
> > using VPN? Does PostgreSQL has this functionality by default?
>
> Probably the best thing here is to run one live server and make backups
> of the system that you store at your relatives along with instructions
> for recovering them if something happens to you. Probably the backups
> should be encrypted with either the keys in your safe deposit box or
> using a system where something like 3 out of 5 keys can be used to recover
> the backup files. Be sure to test the backup recovery.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
>                http://archives.postgresql.org
>




In response to

pgsql-php by date

Next:From: Sarah TanembaumDate: 2004-07-12 22:09:59
Subject: Re: Secure DB Systems - How to
Previous:From: Scott MarloweDate: 2004-07-12 14:46:35
Subject: Re: Resource id #12

pgsql-admin by date

Next:From: Sarah TanembaumDate: 2004-07-12 22:09:59
Subject: Re: Secure DB Systems - How to
Previous:From: Octavio Alvarez PizaDate: 2004-07-12 19:43:26
Subject: Disk usage

pgadmin-support by date

Next:From: Sarah TanembaumDate: 2004-07-12 22:09:59
Subject: Re: Secure DB Systems - How to
Previous:From: Rajesh Kumar MallahDate: 2004-07-12 14:07:21
Subject: Re: Secure DB Systems - How to

pgsql-hackers-win32 by date

Next:From: Sarah TanembaumDate: 2004-07-12 22:09:59
Subject: Re: Secure DB Systems - How to
Previous:From: Jason SheetsDate: 2004-07-12 21:21:47
Subject: Re: PostGre and Windows XP

pgsql-sql by date

Next:From: Sarah TanembaumDate: 2004-07-12 22:09:59
Subject: Re: Secure DB Systems - How to
Previous:From: StefDate: 2004-07-12 16:43:28
Subject: Re: Order of execution of rules

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group