Re: Database level encryption

From: Anibal David Acosta <anibal(dot)acosta(at)edge(dot)com(dot)py>
To: "'Scott Marlowe'" <scott(dot)marlowe(at)gmail(dot)com>, "'Timothy Madden'" <terminatorul(at)gmail(dot)com>
Cc: "'Joe Conway'" <mail(at)joeconway(dot)com>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Database level encryption
Date: 2010-04-05 20:55:23
Message-ID: 000b01cad502$52774700$f765d500$@net.py
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

TrueCrypt is a free open source application, can encrypt any drive or create
a virtual encrypted drive.

-----Mensaje original-----
De: pgsql-admin-owner(at)postgresql(dot)org
[mailto:pgsql-admin-owner(at)postgresql(dot)org] En nombre de Scott Marlowe
Enviado el: lunes, 05 de abril de 2010 05:35 p.m.
Para: Timothy Madden
CC: Joe Conway; pgsql-admin(at)postgresql(dot)org
Asunto: Re: [ADMIN] Database level encryption

On Mon, Apr 5, 2010 at 2:30 PM, Timothy Madden <terminatorul(at)gmail(dot)com>
wrote:
> My scenario is how to protect the database if the machine is stolen
> (it is a mini-laptop), and
> I would like to encrypt the entire database, that is all columns of
> all tables, and if possible
> everything else found in the database.
>
> I would like all searching and sorting functions, just like with a
> normal database (that is,
> transparent encryption for the application level). The password will
> be entered by a human in
> order to start the application. The application exits after three
> unsuccessful attempts, but
> nothing prevents the user to start the application again; the number
> of failures is not counted.
> However if the database could count that I would not mind. I want a
> single password for
> data access to the entire database, there is only one database user
> involved anyway.
>
> I do not  see the careful analysis required that you write about, I
> would say I am asking for
> SGBD support for database-level encryption.

Everything you've said so far points to using a mounted encrypted
drive to store the db. Windows and Linux both support this, and I'm
sure Mac does too. The fact that a different tool is needed for each
OS might be an issue. It's dirt simple to setup an encrypted drive on
linux where the user types in the passphrase on each boot. Some
laptops have wonky behaviour bringing up drives on USB at bootup tho
(I'm looking at a Dell that's sitting in the cube next to me that has
issues a BIOS update can't fix.)

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Joe Conway 2010-04-05 22:50:12 Re: Database level encryption
Previous Message Kevin Grittner 2010-04-05 20:46:48 Re: Database level encryption