| From: | Don Arbow <donarb(at)nwlink(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Securing sensitive information |
| Date: | 2002-08-29 18:29:44 |
| Message-ID: | donarb-682B0B.11294329082002@news.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
In article <3D6E088D(dot)5050902(at)mega-bucks(dot)co(dot)jp>,
jc(at)mega-bucks(dot)co(dot)jp (Jean-Christian Imbeault) wrote:
> I've scoured the web and can't seem to find any definitive on how to
> secure sensitive information in a DB, postgresQL in particular.
>
> Most suggestions rely upon encrypting the data. This is all fine and
> well except for the one nagging question I keep having: how do you
> protect the password that is needed to decrypt the data? Maybe I'm
> missing something?
>
> Can anyone recommend any good web documents on how to secure sensitive
> information?
>
Peter Wayner has just written a book entitled "Translucent Databases"
that covers this subject. I have ordered my copy through Amazon and am
anxiously awaiting its arrival sometime this week.
Here is a link to Wayner's site about the book:
http://www.wayner.org/books/td/
Here is a review at O'Reilly (the review's author uses the
Yale/Princeton hacking episode to illustrate how the techniques in the
book would have stopped this from happening):
http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html
Don Arbow
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-29 18:33:54 | Re: [GENERAL] worried about PGPASSWORD drop |
| Previous Message | Robert Treat | 2002-08-29 18:11:42 | Re: [Pgreplication-general] Master/Slave is in town! |