From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
---|---|
To: | Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Michael Fuhr <mike(at)fuhr(dot)org>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: database encryption |
Date: | 2007-02-09 16:28:27 |
Message-ID: | 20070209162827.GA17098@wolff.to |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Fri, Feb 09, 2007 at 09:03:20 +0100,
Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr> wrote:
> Thanks for responses.
> I expose the context of my question :
>
> I need to install a server for a specific web application written in PHP.
> This one works by making queries to a postgresql database. The database
> contains confidential data.
Who are you trying to keep this data from? Does this include the client?
Who needs to see the decrypted data? Does the database need to in order
to efficiently do queries? Does the webserver/php server need to or does
it produce output that the end user can download and decrypt on their end?
> For several reasons the server will be installed inside the Local
> network of our client. I will not be able to supervise and control it.
Again, is your client being treated as an opponent? Are you worried about
other threats such as stolen servers or back up tapes?
> As it's a fussy situation I am thinking about encryption.
> I was thinking about PHP encryption solution (Zend or Ioncube) for the
> web application protection.
> But sensitive data must be protected too.
Again, from who?
> Pgcrypto seemed to be the encryption solution but I am not sure it's a
> good idea because all keys will be located on server ( if I have well
> understood) and the documention explain that the data will appear on
> "clear text" for a short period.
Whether or not that is a problem depends on what kind of attacks you are
trying to protect against. If you are trying to protect against the case
where the db server gets owned, having the keys on the server will make them
available to the attacker.
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander B. | 2007-02-09 19:23:58 | Hierarchical structure |
Previous Message | Olivier Boissard | 2007-02-09 08:03:20 | Re: database encryption |