| From: | Silvana Di Martino <silvanadimartino(at)tin(dot)it> |
|---|---|
| To: | Mitch Pirtle <mitchy(at)spacemonkeylabs(dot)com>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Database Encryption (now required by law in Italy) |
| Date: | 2004-03-05 19:45:33 |
| Message-ID: | 200403051945.33848.silvanadimartino@tin.it |
| Lists: | pgsql-admin |
At 13:53 on Friday, 5 March 2004, Mitch Pirtle wrote:
> The same logic applies to encrypting the data in the database -
> somewhere on your server the application has to know how to decrypt it,
> and that means anyone that gains access to your server will have that
> ability also...
That's true, of course, but...
1) The cryptographic keys used by the application to access the data could be
stored (encrypted) inside a compiled C/C++ or Delphi/Kylix program.
2) No matter what we think about data encryption, a (stupid) Italian law
enforces it ("Allegato B, Decreto Legge 196/03, Dicembre 2003").
3) As I said in another message, our law prohibits our SysAdmin from having
access to data. Only authorized operators can read them.
> I understand (and demand) requiring SSL connections for database
> clients, and MD5 hashing of passwords before storing in the database,
> but implementing two-way encryption of database data just doesn't make
> sense to me.
Neither to me, actually, but it does to our law-makers (have you heard of
Silvio Berlusconi?).
See you
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it