| From: | Dave Ewart <Dave(dot)Ewart(at)cancer(dot)org(dot)uk> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Database Encryption (now required by law in Italy) |
| Date: | 2004-03-05 12:08:02 |
| Message-ID: | 20040305120802.GJ13042@nemesis.ox.icnet.uk |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Friday, 05.03.2004 at 11:17 +0000, Matt Clark wrote:
> > What's wrong with using a LoopAES filesystem? It protects against
> > someone walking off with the server, or at least the hard disk, and
> > being able to see the data.
>
> Yes, but only if the password has to entered manually [1] at boot
> time. And it gives zero protection against someone who gains root
> access to the server.
>
> [...]
>
> [1] There are ways of avoiding having to enter the info manually, but
> they're very tricky to implement securely.
Not sure I follow this - there's no point AT ALL in using LoopAES if you
can mount the encrypted partitions without needing manual intervention
at boot time.
Dave.
--
Dave Ewart
Dave(dot)Ewart(at)cancer(dot)org(dot)uk
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Ewart | 2004-03-05 12:12:54 | Re: Database Encryption (now required by law in Italy) |
| Previous Message | Dave Ewart | 2004-03-05 12:06:48 | Re: Database Encryption (now required by law in Italy) |