| From: | Michael Fuhr <mike(at)fuhr(dot)org> |
|---|---|
| To: | Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr> |
| Cc: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: database encryption |
| Date: | 2007-02-08 11:52:21 |
| Message-ID: | 20070208115221.GA76441@winnie.fuhr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Thu, Feb 08, 2007 at 09:13:48AM +0100, Olivier Boissard wrote:
> I was thinking about a system in which only the php programs will be
> able to manage stored informations. In case of theft or unexpected
> access to servers nobody could be able to retrieve the stored data
> without the authorized key.
What about theft or compromise of the server running the PHP code?
In general it's a good idea to encrypt and decrypt as close to where
the cleartext is needed to limit exposure, but you should also
consider the vulnerability of the system that holds the key. For
some applications it might make sense to use public-key encryption
with the exposed (e.g., Internet-facing) server having only the
public (encryption) key and a more protected backend server having
the corresponding private (decryption) key.
Without knowing the requirements and the threat model it's impossible
to suggest a suitable solution. Can you be more specific about what
you're trying to do?
--
Michael Fuhr
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-02-08 14:30:44 | Re: database encryption |
| Previous Message | Olivier Boissard | 2007-02-08 08:13:48 | Re: database encryption |