Re: Securing Postgres

From: "Stefan 'Kaishakunin' Schumacher" <stefan(at)net-tex(dot)de>
To: L van der Walt <mailing(at)lani(dot)co(dot)za>
Cc: Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Securing Postgres
Date: 2005-10-05 15:32:23
Message-ID: 20051005153223.GA841@wieland.net-tex.de
Lists: pgsql-general

Also sprach L van der Walt (mailing(at)lani(dot)co(dot)za)
> The big problem is that the administrators work for the client and not
> for me. I don't want the client to reverse engineer my database.

[...]

> About the raw database files, I can use encryption to protect the data.

How shall the DBMS access the data files? It will need the key, be it a
simple password or a pub key for asymmetric encryption. So you have to
store the key somewhere on the machine where an administrator can
access it. You could store the key on another machine, but it has to
be transmitted to the server, so anyone with physical (or at least
root) access can sniff it.

However, there is *no* way to protect a computer program from being
reverse engineered. If you want to run it, it has to be read and
executed by the server, so it can also be analyzed by an attacker.

That's actually the same problem Digital Restriction Management
systems have, they simply *do* *not* *work*.

--
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
--
https://www.ccc.de/ - Europe's largest hacker group, founded in 1981.

http://mdc3.cybernotic.org/ - Chaostreff Magdeburg
