From: | Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Database level encryption |
Date: | 2010-04-06 12:59:38 |
Message-ID: | 20100406145938.5037011e@platin.wars-nicht.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Tue, 6 Apr 2010 12:45:52 +0300 Timothy Madden wrote:
> The machine is a mini-laptop running almost all day time (actually
> there are many of them) and if the machine is captured it is likely to
> be captured while running. With an encrypted file system if the
> machine is already booted you already have access to the file system
> and can simply copy it and even place back the machine without anyone
> notice anything.
If someone captures the machine the bad guy can install a network
sniffer and steal the database passwords upon connect.
> With an encrypted database, you need the password anytime you connect,
> even if another application already has an open connection.
See above, this doesn't help.
If someone get's root access to your machine, nothing (no filesystem
and no database encryption) is goint to help you here.
Bye
--
Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors
Volunteer Regional Contact, Germany - PostgreSQL Project
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2010-04-06 14:36:17 | Re: Database level encryption |
Previous Message | Renato Oliveira | 2010-04-06 12:48:45 | Re: List of postgreSQL databases |