Re: Database level encryption

From: Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Database level encryption
Date: 2010-04-06 12:59:38
Message-ID: 20100406145938.5037011e@platin.wars-nicht.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Tue, 6 Apr 2010 12:45:52 +0300 Timothy Madden wrote:

> The machine is a mini-laptop running almost all day time (actually
> there are many of them) and if the machine is captured it is likely to
> be captured while running. With an encrypted file system if the
> machine is already booted you already have access to the file system
> and can simply copy it and even place back the machine without anyone
> notice anything.

If someone captures the machine the bad guy can install a network
sniffer and steal the database passwords upon connect.

> With an encrypted database, you need the password anytime you connect,
> even if another application already has an open connection.

See above, this doesn't help.

If someone get's root access to your machine, nothing (no filesystem
and no database encryption) is goint to help you here.

Bye

--
Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors
Volunteer Regional Contact, Germany - PostgreSQL Project

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Kevin Grittner 2010-04-06 14:36:17 Re: Database level encryption
Previous Message Renato Oliveira 2010-04-06 12:48:45 Re: List of postgreSQL databases