Re: Securing sensitive information

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Jean-Christian Imbeault <jc(at)mega-bucks(dot)co(dot)jp>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Securing sensitive information
Date: 2002-08-29 12:51:15
Message-ID: 20020829125115.GA8294@wolff.to
Lists: pgsql-general

On Thu, Aug 29, 2002 at 20:42:05 +0900,
Jean-Christian Imbeault <jc(at)mega-bucks(dot)co(dot)jp> wrote:
> I've scoured the web and can't seem to find anything definitive on how to
> secure sensitive information in a DB, PostgreSQL in particular.
>
> Most suggestions rely upon encrypting the data. This is all fine and
> well except for the one nagging question I keep having: how do you
> protect the password that is needed to decrypt the data? Maybe I'm
> missing something?
>
> Can anyone recommend any good web documents on how to secure sensitive
> information?

Who are you trying to protect the data from?
If it is from the system administrator or DBA, that is going to be tough.
If it is database users, you may be able to force access through views
that restrict visible tuples to those each user is supposed to be able to see.

I also have read some other tricks like indexing data by hashes, so that
if you know something about the data (perhaps a last name), you can
compute the hash and use that to retrieve the related information.
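
The two techniques mentioned in this reply, per-user views and lookup by hash, as an added example that is not part of the original message. All table, column, role and key names are hypothetical, it assumes a PostgreSQL release with the pgcrypto extension and the `security_barrier` view option, and it uses a keyed hash (HMAC) rather than a bare hash because low-entropy values such as last names can be guessed from unkeyed hashes.

```sql
-- Constructed schema and data; every name and key below is hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;      -- provides hmac()

CREATE ROLE alice;
CREATE ROLE bob;

CREATE TABLE customer_record (
    id             serial PRIMARY KEY,
    owner_role     name  NOT NULL,   -- database role allowed to see this row
    last_name_hash bytea NOT NULL,   -- keyed hash of the lower-cased last name
    payload        bytea NOT NULL    -- sensitive data, encrypted by the application
);
CREATE INDEX customer_record_hash_idx ON customer_record (last_name_hash);

-- No ordinary user may read the base table directly.
REVOKE ALL ON customer_record FROM PUBLIC;

-- The view reads the table with its owner's privileges, while current_user
-- evaluates to the calling role, so each caller sees only their own tuples.
-- security_barrier stops caller-supplied functions in a WHERE clause from
-- being evaluated against rows the filter is meant to hide.
CREATE VIEW my_records WITH (security_barrier = true) AS
    SELECT id, last_name_hash, payload
    FROM customer_record
    WHERE owner_role = current_user;

GRANT SELECT ON my_records TO alice, bob;

-- Constructed rows. The payload bytes stand in for application ciphertext.
-- The HMAC is computed in SQL only to keep the example self-contained; in a
-- real deployment the application computes it so the key stays off the server.
INSERT INTO customer_record (owner_role, last_name_hash, payload) VALUES
    ('alice', hmac('smith', 'constructed-index-key', 'sha256'), '\x01'),
    ('alice', hmac('jones', 'constructed-index-key', 'sha256'), '\x02'),
    ('bob',   hmac('smith', 'constructed-index-key', 'sha256'), '\x03');

-- alice knows the last name, recomputes the hash and uses the index.
SET ROLE alice;
SELECT id, payload
FROM my_records
WHERE last_name_hash = hmac('smith', 'constructed-index-key', 'sha256');
-- Returns only alice's 'smith' row; bob's row with the same hash is filtered out.

SELECT count(*) FROM customer_record;   -- fails: permission denied for the base table
RESET ROLE;
```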
