Re: [PHP] Secure DB Systems - How to

From: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: Sarah Tanembaum <sarahtanembaum(at)yahoo(dot)com>, pgsql-php(at)postgresql(dot)org, pgsql-admin(at)postgresql(dot)org, pgsql-hackers-win32(at)postgresql(dot)org, pgadmin-support(at)postgresql(dot)org, pgsql-sql(at)postgresql(dot)org
Subject: Re: [PHP] Secure DB Systems - How to
Date: 2004-07-13 13:18:38
Message-ID: 20040713151838.0004cb8e@localhost
Lists: pgadmin-support pgsql-admin pgsql-hackers-win32 pgsql-php pgsql-sql

> If you decrypt the data on the database, the sysadmin can see it.

Hm, you are right. If one does decrypt the data on the database, you have to send the password to postgresql, and so an administrator of the database could easily grab the password.

So the only way to go would be to perform en/decryption on the client side?

> If you are willing to take that chance (e.g. if your primary concern is
> some third party getting a snapshot of the DB), then you can do lots of
> things.

I wonder now: if somebody managed to get a snapshot of the database, they could also be able to get the log file of postgresql.
So one would also have to pay attention that information like SQL statements doesn't leak that way.
Are there other places where this kind of information could leak?

Greetings,

Daniel Struck

--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck(dot)d(at)retrovirology(dot)lu
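
The log-file concern raised in this message can be checked mechanically. The following is an added example, not code from the thread: it assumes server-side encryption is done with pgcrypto functions and that statement logging is enabled, and it scans log lines for calls where the key was sent as a literal. The sample log lines, table and column names are constructed.

```python
import re

# pgcrypto functions whose second argument is the key or passphrase.
KEYED_FUNCS = ("pgp_sym_encrypt", "pgp_sym_decrypt", "encrypt", "decrypt", "hmac")
SQL_LITERAL = r"'(?:[^']|'')*'"

# head = function name, "(", first argument and comma; key = a quoted literal.
CALL_RE = re.compile(
    r"(?P<head>\b(?P<func>" + "|".join(KEYED_FUNCS) + r")\s*\("
    r"(?:" + SQL_LITERAL + r"|[^,()'])+,\s*)(?P<key>" + SQL_LITERAL + r")",
    re.IGNORECASE,
)

# Constructed sample of statement logging output (not taken from the thread).
SAMPLE_LOG = [
    "LOG:  statement: SELECT decrypt(ssn_enc, 'hunter2-key', 'aes') FROM patients WHERE id = 7;",
    "LOG:  statement: INSERT INTO patients (ssn_enc) VALUES (pgp_sym_encrypt('123-45-6789', 's3cret pass'));",
    # Client-side encryption: only ciphertext reaches the server and its log.
    "LOG:  statement: INSERT INTO patients (ssn_enc) VALUES (decode('9f1c2ab4', 'hex'));",
    "LOG:  statement: SELECT id FROM patients WHERE id = 7;",
]


def find_key_leaks(lines):
    """Return (line_number, function) for each call logged with a literal key."""
    return [(n, m.group("func").lower())
            for n, line in enumerate(lines, 1)
            for m in CALL_RE.finditer(line)]


def redact(line):
    """Replace literal key arguments so the line can be shared or archived."""
    return CALL_RE.sub(lambda m: m.group("head") + "'<redacted>'", line)


if __name__ == "__main__":
    for n, func in find_key_leaks(SAMPLE_LOG):
        print(f"line {n}: key passed to {func}(): {redact(SAMPLE_LOG[n - 1])}")
```

The second sample line also shows the plaintext value in the log, which redacting the key does not address.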
