Skip site navigation (1) Skip section navigation (2)

Re: Securing sensitive information

From: Don Arbow <donarb(at)nwlink(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Securing sensitive information
Date: 2002-08-29 18:29:44
Message-ID: donarb-682B0B.11294329082002@news.hub.org (view raw or flat)
Thread:
Lists: pgsql-general
In article <3D6E088D(dot)5050902(at)mega-bucks(dot)co(dot)jp>,
 jc(at)mega-bucks(dot)co(dot)jp (Jean-Christian Imbeault) wrote:

> I've scoured the web and can't seem to find any definitive on how to 
> secure sensitive information in a DB, postgresQL in particular.
> 
> Most suggestions rely upon encrypting the data. This is all fine and 
> well except for the one nagging question I keep having: how do you 
> protect the password that is needed to decrypt the data? Maybe I'm 
> missing something?
> 
> Can anyone recommend any good web documents on how to secure sensitive 
> information?
> 




Peter Wayner has just written a book entitled "Translucent Databases" 
that covers this subject. I have ordered my copy through Amazon and am 
anxiously awaiting its arrival sometime this week.

Here is a link to Wayner's site about the book:
http://www.wayner.org/books/td/

Here is a review at O'Reilly (the review's author uses the 
Yale/Princeton hacking episode to illustrate how the techniques in the 
book would have stopped this from happening):
http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html

Don Arbow

In response to

pgsql-general by date

Next:From: Bruce MomjianDate: 2002-08-29 18:33:54
Subject: Re: [GENERAL] worried about PGPASSWORD drop
Previous:From: Robert TreatDate: 2002-08-29 18:11:42
Subject: Re: [Pgreplication-general] Master/Slave is in town!

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group