Re: Database Encryption (now required by law in Italy)

From: Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>
To: Silvana Di Martino <silvanadimartino(at)tin(dot)it>
Cc: Alex Page <alex(dot)page(at)cancer(dot)org(dot)uk>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Database Encryption (now required by law in Italy)
Date: 2004-03-05 20:44:35
Message-ID: 20040305124059.T92989@megazone.bigpanda.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Fri, 5 Mar 2004, Silvana Di Martino wrote:

> Alle 20:14, venerd 5 marzo 2004, Stephan Szabo ha scritto:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worring: an unfaithful SysAdmin that copies your data and sells them to
> > > KGB. So, database encryption (and not disk encryption) is the _only_
> > > answer.
> >
> > But since your sysadmin (if not trusted) could go behind your back and
> > replace the database, any applications that are using the data, etc, I'm
> > not sure that's even sufficient.
>
> Replacing the RDBMS engine and/or the "client" application, would be useless:
> the "cracker" still need the password to access the encrypted data.

Only for data that's already there though, right? What about any
additions (and possibly changes) made after that point?

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Silvana Di Martino 2004-03-05 21:18:37 Re: Database Encryption (now required by law in Italy)
Previous Message scott.marlowe 2004-03-05 20:34:39 Re: Database Encryption (now required by law in Italy)