From: | Silvana Di Martino <silvanadimartino(at)tin(dot)it> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | pgcrypto, password sharing and privacy law |
Date: | 2004-03-06 08:57:40 |
Message-ID: | 200403060857.40447.silvanadimartino@tin.it |
Lists: | pgsql-admin |

I had a look at the C and PL/pgSQL server-side functions provided by pgcrypto.
It is possible to encrypt/decrypt data while storing/reading it to/from the
database in this way:

    encrypt(data, 'password', 'bf')
    decrypt(data, 'password', 'bf')

('bf' stands for "Blowfish", the selected encryption method)

Unfortunately, this might not be enough: Italian law clearly prohibits
password sharing among operators, so every human and every process that
accesses the data must use his own password. The schema supplied above uses
just one password for everybody (because it is the only possible thing to do,
technically speaking) and this raises an issue.

It is not clear if the sum of the standard RDBMS authentication plus the
pgcrypto data encryption can satisfy this password-sharing requirement of the
law. IMHO, it should satisfy it because every human uses a different (RDBMS
authentication) password even if the data are encrypted by using just one
(pgcrypto) password.

Should this authentication/encryption system not satisfy the law requirement,
we could even be forced to use a proxy:

- the human/process that wants to access the data connects to the proxy and
  supplies his own username/password pair
- the proxy authenticates and authorizes the user
- the proxy connects to the RDBMS engine using the pgcrypto password and
  stores/fetches data

In this case, I still have to understand where I can safely store the pgcrypto
password (most likely on a USB key) and how I can protect the proxy itself
(compiled/encrypted code, SSH tunneling, and so on...). I just hope it will
not be required.

What do you think of this situation? In your opinion, is it enough to use
RDBMS (strong) authentication + pgcrypto data encryption? Does this system
have any weak point we can still spot and fix?

-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni(at)interfree(dot)it
silvanadimartino(at)tin(dot)it
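
The three-step proxy flow listed in the message, sketched as an added example that is not part of the original post: each operator authenticates with a personal password, and only the proxy supplies the single pgcrypto password, bound as a query parameter. The table `records`, its columns, the operator names, the helper names and the psycopg-style `%s` placeholders are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo value: the single pgcrypto password, known only to the proxy.
PGCRYPTO_KEY = b"constructed-demo-key"
NEEDED = {"store": "write", "fetch": "read"}   # action -> required permission
AUDIT = []                                     # (user, action, outcome) per request

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_operator(password, perms):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "perms": perms}

# Constructed operators, each with a personal password (never shared).
OPERATORS = {
    "alice": make_operator("alice-own-secret", {"read", "write"}),
    "bob": make_operator("bob-own-secret", {"read"}),
}

def proxy_request(user, password, action, value=None, row_id=None):
    """Return (sql, params) for the database driver, or raise PermissionError."""
    op = OPERATORS.get(user)
    # Steps 1-2: authenticate with the operator's own password (an all-zero salt
    # is hashed for unknown users so both failure paths do the same work).
    candidate = hash_password(password, op["salt"] if op else bytes(16))
    if op is None or not hmac.compare_digest(candidate, op["hash"]):
        AUDIT.append((user, action, "auth-failed"))
        raise PermissionError("authentication failed")
    if NEEDED.get(action) not in op["perms"]:
        AUDIT.append((user, action, "denied"))
        raise PermissionError("not authorized")
    # Step 3: only the proxy adds the pgcrypto password, as a bound parameter.
    AUDIT.append((user, action, "ok"))
    if action == "store":
        return ("INSERT INTO records (payload) VALUES (encrypt(%s, %s, 'bf'))",
                (value.encode(), PGCRYPTO_KEY))
    return ("SELECT decrypt(payload, %s, 'bf') FROM records WHERE id = %s",
            (PGCRYPTO_KEY, row_id))
```

The `AUDIT` list records which operator made each request, which is the per-person accountability that the single shared pgcrypto password cannot provide by itself.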