Re: database encryption

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Michael Fuhr <mike(at)fuhr(dot)org>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-admin(at)postgresql(dot)org
Subject: Re: database encryption
Date: 2007-02-09 16:28:27
Message-ID: 20070209162827.GA17098@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Fri, Feb 09, 2007 at 09:03:20 +0100,
Olivier Boissard <olivier(dot)boissard(at)cerene(dot)fr> wrote:
> Thanks for responses.
> I expose the context of my question :
>
> I need to install a server for a specific web application written in PHP.
> This one works by making queries to a postgresql database. The database
> contains confidential data.

Who are you trying to keep this data from? Does this include the client?
Who needs to see the decrypted data? Does the database need to in order
to efficiently do queries? Does the webserver/php server need to or does
it produce output that the end user can download and decrypt on their end?

> For several reasons the server will be installed inside the Local
> network of our client. I will not be able to supervise and control it.

Again, is your client being treated as an opponent? Are you worried about
other threats such as stolen servers or back up tapes?

> As it's a fussy situation I am thinking about encryption.
> I was thinking about PHP encryption solution (Zend or Ioncube) for the
> web application protection.
> But sensitive data must be protected too.

Again, from who?

> Pgcrypto seemed to be the encryption solution but I am not sure it's a
> good idea because all keys will be located on server ( if I have well
> understood) and the documention explain that the data will appear on
> "clear text" for a short period.

Whether or not that is a problem depends on what kind of attacks you are
trying to protect against. If you are trying to protect against the case
where the db server gets owned, having the keys on the server will make them
available to the attacker.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Alexander B. 2007-02-09 19:23:58 Hierarchical structure
Previous Message Olivier Boissard 2007-02-09 08:03:20 Re: database encryption