From: | Anibal David Acosta <anibal(dot)acosta(at)edge(dot)com(dot)py> |
---|---|
To: | "'Scott Marlowe'" <scott(dot)marlowe(at)gmail(dot)com>, "'Timothy Madden'" <terminatorul(at)gmail(dot)com> |
Cc: | "'Joe Conway'" <mail(at)joeconway(dot)com>, <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Database level encryption |
Date: | 2010-04-05 20:55:23 |
Message-ID: | 000b01cad502$52774700$f765d500$@net.py |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
TrueCrypt is a free open source application, can encrypt any drive or create
a virtual encrypted drive.
-----Mensaje original-----
De: pgsql-admin-owner(at)postgresql(dot)org
[mailto:pgsql-admin-owner(at)postgresql(dot)org] En nombre de Scott Marlowe
Enviado el: lunes, 05 de abril de 2010 05:35 p.m.
Para: Timothy Madden
CC: Joe Conway; pgsql-admin(at)postgresql(dot)org
Asunto: Re: [ADMIN] Database level encryption
On Mon, Apr 5, 2010 at 2:30 PM, Timothy Madden <terminatorul(at)gmail(dot)com>
wrote:
> My scenario is how to protect the database if the machine is stolen
> (it is a mini-laptop), and
> I would like to encrypt the entire database, that is all columns of
> all tables, and if possible
> everything else found in the database.
>
> I would like all searching and sorting functions, just like with a
> normal database (that is,
> transparent encryption for the application level). The password will
> be entered by a human in
> order to start the application. The application exits after three
> unsuccessful attempts, but
> nothing prevents the user to start the application again; the number
> of failures is not counted.
> However if the database could count that I would not mind. I want a
> single password for
> data access to the entire database, there is only one database user
> involved anyway.
>
> I do not see the careful analysis required that you write about, I
> would say I am asking for
> SGBD support for database-level encryption.
Everything you've said so far points to using a mounted encrypted
drive to store the db. Windows and Linux both support this, and I'm
sure Mac does too. The fact that a different tool is needed for each
OS might be an issue. It's dirt simple to setup an encrypted drive on
linux where the user types in the passphrase on each boot. Some
laptops have wonky behaviour bringing up drives on USB at bootup tho
(I'm looking at a Dell that's sitting in the cube next to me that has
issues a BIOS update can't fix.)
From | Date | Subject | |
---|---|---|---|
Next Message | Joe Conway | 2010-04-05 22:50:12 | Re: Database level encryption |
Previous Message | Kevin Grittner | 2010-04-05 20:46:48 | Re: Database level encryption |