Re: Looking for advice on database encryption

From: Chris(dot)Ellis(at)shropshire(dot)gov(dot)uk
To: wmoran(at)potentialtech(dot)com
Cc: pgsql-general(at)postgresql(dot)org, pgsql-general-owner(at)postgresql(dot)org
Subject: Re: Looking for advice on database encryption
Date: 2009-04-17 09:32:23
Message-ID: OF83D0BF19.5F62826B-ON8025759B.0033F0EC-8025759B.0034937A@shropshire.gov.uk
Lists: pgsql-general

> What are folks doing to protect sensitive data in their databases?
>
> We're running on the assumption that the _really_ sensitive data
> is too sensitive for us to just trust the front-end programs that
> connect to it.
>
> The decision coming down from on-high is that we need to encrypt
> certain fields. That's fine, looked at pgcrypto, but found
> the requirement to use pgp on the command line for key management
> to be a problem.
>
> So we're trying to implement the encryption in the front-end, but
> the problem we're having is searching on the encrypted fields. Since
> we have to decrypt each field to search on it, queries that previously
> took seconds now take minutes (or worse).
>
> We've tested a number of cryptographic accelerator products. In
> case nobody else has tried this, let me give away the ending: none
> that we've found are any faster than a typical server CPU.
>
> So, it's a pretty open-ended question, since we're still pretty open
> to different approaches, but how are others approaching this problem?
>
> The goal here is that if we're going to encrypt the data, it should
> be encrypted in such a way that if an attacker gets ahold of a dump
> of the database, they still can't access the data without the
> passphrases of the individuals who entered the data.

Take the performance hit. If people on high want the data encrypted, then
they have to suffer the performance penalty, however bad.

Could you not write some server extensions to encrypt / decrypt the data
server side, coupled with a custom index implementation?

Can you use a global server side key or do you need fine grained
encryption?

Is a database the correct tool for the job if you want this level of
encryption and granularity?

Also, how secure are your communication channels? What stops me snooping
the data in transit, ARP poisoning and other techniques, etc.?

Chris Ellis
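
One form the server-side encryption plus custom index suggested above can take, as an added example that is not from the original message or from the PostgreSQL project: pgcrypto encrypts the field, and a keyed hash of the plaintext sits in an indexed column so equality searches do not decrypt every row. The table, column, statement names and sample values are hypothetical and constructed for illustration.

```sql
-- Added example; all names and sample values below are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer (
    id           serial PRIMARY KEY,
    account_enc  bytea NOT NULL,  -- pgp_sym_encrypt() output, differs per row
    account_bidx bytea NOT NULL   -- HMAC-SHA256 of the normalized plaintext
);

-- Ordinary btree index over the keyed hash column.
CREATE INDEX customer_account_bidx ON customer (account_bidx);

-- $1 = plaintext, $2 = encryption passphrase, $3 = separate index key.
-- Both secrets are supplied by the client per call and are never stored
-- in the database, so a dump holds only ciphertext and keyed hashes.
PREPARE add_customer(text, text, text) AS
INSERT INTO customer (account_enc, account_bidx)
VALUES (pgp_sym_encrypt($1, $2),
        hmac(upper(replace($1, '-', '')), $3, 'sha256'));

-- Equality search: the index narrows to matching rows first, and only
-- those rows are decrypted.
PREPARE find_customer(text, text, text) AS
SELECT id, pgp_sym_decrypt(account_enc, $2) AS account
FROM customer
WHERE account_bidx = hmac(upper(replace($1, '-', '')), $3, 'sha256');

EXECUTE add_customer('ab-1234-cd', 'constructed-passphrase', 'constructed-index-key');
EXECUTE find_customer('AB1234CD', 'constructed-passphrase', 'constructed-index-key');

-- Trade-offs to weigh before adopting this:
--  * Equal plaintexts give equal account_bidx values, so a dump shows
--    which rows share a value even though it cannot show the value.
--  * Only exact-match search works; ranges and LIKE still need decryption.
--  * The passphrase and index key travel to the server with each call, so
--    the connection needs TLS and statement logging must not capture them.
--  * Searching across users requires one shared index key, which is
--    weaker than the per-user passphrases used for the ciphertext.
```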
