Re: database encryption

From: Michael Fuhr <mike(at)fuhr(dot)org>
To: Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr>
Cc: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-admin(at)postgresql(dot)org
Subject: Re: database encryption
Date: 2007-02-08 11:52:21
Message-ID: 20070208115221.GA76441@winnie.fuhr.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Thu, Feb 08, 2007 at 09:13:48AM +0100, Olivier Boissard wrote:
> I was thinking about a system in which only the php programs will be
> able to manage stored informations. In case of theft or unexpected
> access to servers nobody could be able to retrieve the stored data
> without the authorized key.

What about theft or compromise of the server running the PHP code?
In general it's a good idea to encrypt and decrypt as close to where
the cleartext is needed to limit exposure, but you should also
consider the vulnerability of the system that holds the key. For
some applications it might make sense to use public-key encryption
with the exposed (e.g., Internet-facing) server having only the
public (encryption) key and a more protected backend server having
the corresponding private (decryption) key.

Without knowing the requirements and the threat model it's impossible
to suggest a suitable solution. Can you be more specific about what
you're trying to do?

--
Michael Fuhr

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Bruce Momjian 2007-02-08 14:30:44 Re: database encryption
Previous Message Olivier Boissard 2007-02-08 08:13:48 Re: database encryption