Quick Links

Re: [ADMIN] Secure DB Systems - How to

From:	Greg Stark <gsstark(at)mit(dot)edu>
To:	Bruno Wolff III <bruno(at)wolff(dot)to>
Cc:	Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>, Mitch Pirtle <mitchy(at)spacemonkeylabs(dot)com>, pgsql-php(at)postgresql(dot)org
Subject:	Re: [ADMIN] Secure DB Systems - How to
Date:	2004-07-28 20:16:10
Message-ID:	87brhzsx9x.fsf@stark.xeocode.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgadmin-support pgsql-admin pgsql-hackers-win32 pgsql-php pgsql-sql

Bruno Wolff III <bruno(at)wolff(dot)to> writes:

> That depends on the kind of queries. Searching for exact matches should work
> fine. Some other things can be done in special cases.

If searching for exact matches works then you're using a naive encryption
system. The problem is that it also means your database is vulnerable to
dictionary attacks. Good encryption systems will include random padding to
ensure that you can't attack it by merely guessing many possible plaintexts
and verifying to see if any match.

--
greg

In response to

Re: [ADMIN] Secure DB Systems - How to at 2004-07-27 19:49:05 from Bruno Wolff III

Responses

Re: [ADMIN] Secure DB Systems - How to at 2004-07-29 09:16:08 from Daniel Struck
Re: [ADMIN] Secure DB Systems - How to at 2004-07-29 18:00:10 from Bruno Wolff III

Browse pgadmin-support by date

	From	Date	Subject
Next Message	Rodríguez Rodríguez, Pere	2004-07-29 08:04:27	two bugs?
Previous Message	Hiroshi Saito	2004-07-28 00:30:06	Re: pgadmin3 on freebsd

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Bruce Momjian	2004-07-29 06:10:18	Re: [HACKERS] Point in Time Recovery
Previous Message	Randall Perry	2004-07-28 18:14:40	Re: How do I grant access to entire database at

Browse pgsql-hackers-win32 by date

	From	Date	Subject
Next Message	Tom Lane	2004-07-28 21:49:55	Re: win32 pgsql not installable
Previous Message	Merlin Moncure	2004-07-28 19:15:36	Re: win32 pgsql not installable

Browse pgsql-php by date

	From	Date	Subject
Next Message	Chris	2004-07-28 23:55:33	Re: Strange warning message
Previous Message	Lynna Landstreet	2004-07-28 19:52:38	Re: Strange warning message

Browse pgsql-sql by date

	From	Date	Subject
Next Message	tgl	2004-07-29 01:16:32	Re: hey
Previous Message	Karsten Hilbert	2004-07-28 12:08:11	Re: surrogate key or not?