| From: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com> |
|---|---|
| To: | Silvana Di Martino <silvanadimartino(at)tin(dot)it> |
| Cc: | Alex Page <alex(dot)page(at)cancer(dot)org(dot)uk>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Database Encryption (now required by law in Italy) |
| Date: | 2004-03-05 20:44:35 |
| Message-ID: | 20040305124059.T92989@megazone.bigpanda.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 20:14, venerd 5 marzo 2004, Stephan Szabo ha scritto:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worring: an unfaithful SysAdmin that copies your data and sells them to
> > > KGB. So, database encryption (and not disk encryption) is the _only_
> > > answer.
> >
> > But since your sysadmin (if not trusted) could go behind your back and
> > replace the database, any applications that are using the data, etc, I'm
> > not sure that's even sufficient.
>
> Replacing the RDBMS engine and/or the "client" application, would be useless:
> the "cracker" still need the password to access the encrypted data.
Only for data that's already there though, right? What about any
additions (and possibly changes) made after that point?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Silvana Di Martino | 2004-03-05 21:18:37 | Re: Database Encryption (now required by law in Italy) |
| Previous Message | scott.marlowe | 2004-03-05 20:34:39 | Re: Database Encryption (now required by law in Italy) |