Re: Page-Level Encryption

From: David Blewett <david(at)dawninglight(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Page-Level Encryption
Date: 2006-01-20 20:47:04
Message-ID: 20060120154704.yiiazu5sg78ks4oo@mail.dawninglight.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Quoting Scott Marlowe <smarlowe(at)g2switchworks(dot)com>:

>> Having the table containing the index, or the database object,
>> encrypted would protect against system admins,
>
> IF they've got root, and the unencrypted data or the password / key is
> on the machine or in memory on it, you've lost. It may make it harder
> for them to get it, but they can.

The password shouldn't be saved anywhere, it should be entered manually
when the application starts. Or, only store it on secure removable
media. But it would be better than the options that exist today. You're
right; there is no perfect security, especially when the box has been
rooted. They would have to get root while the machine is powered on,
the database engine is running, and the user was authenticated and
logged in. It might be possible to implement a "kill" switch, where
upon receipt of a signal the user would be logged out and the memory
scrubbed of the private key data.

David

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message David Blewett 2006-01-20 20:50:38 Re: Page-Level Encryption
Previous Message Joshua D. Drake 2006-01-20 20:44:59 Re: Page-Level Encryption