Re: Regd. the Implementation of Wallet (in Oracle) config equivalent in postgreSQL whilst the database migration

From: Ron <ronljohnsonjr(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Regd. the Implementation of Wallet (in Oracle) config equivalent in postgreSQL whilst the database migration
Date: 2022-12-21 23:10:00
Message-ID: 2b9e2d41-9eb8-7ab9-0cb7-816b9eb1cef1@gmail.com
Lists: pgsql-general

If a hacker gets in with root access, they can copy /your/ (and my)
PostgreSQL database files (or, more easily, the backup files) off site,
restore them, and then have access to your database.  Not so much
TDE-encrypted databases, since the backups are encrypted too and you need
the key to decrypt them.

As for the Bad Things which happen if you lose the keys... well, *don't lose
the keys!!*

On 12/21/22 16:25, Benedict Holland wrote:
> What would you be missing? You can encrypt databases. You can encrypt the
> S3 buckets using KMS. You can govern access via SSH auth. When you do
> backups, you can encrypt the tar.gz files or whatever format and store it
> on S3. Same with the WAL files. The fact that Oracle charges for this is a
> joke. Of course, you would need to ensure compliance with your opsec teams
> and stick with best security practices but it seems top to bottom
> encryption is unrelated or tangentially related to the databases.
>
> Also, if you lose the encryption keys for your backups then bad things
> happen. I doubt what I did was production viable but I limited database
> access to a handful of users, encrypted the disks, left the WAL files
> unencrypted but mounted with read access for a single user, compressed
> full backups with encryption and a password, generated ssh keys for anyone
> who needed service accounts to access the systems, enforced database
> ownership permissions, and gave server access to a tiny team with 2FA.
> The way I figured it, if someone somehow rooted the box we were screwed
> anyway.
>
> For an internal database, this seemed sufficient. For an external
> database, I would highly recommend paid consulting security firms or hire
> people who know how to build an externally facing platform.
>
> Thanks
> Ben
>
> On Wed, Dec 21, 2022, 4:39 PM Rainer Duffner <rainer(at)ultra-secure(dot)de> wrote:
>
>> On 21.12.2022 at 22:34, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
>>
>> There is no exact equivalent, but there is something similar and much
>> better: you can authenticate the client with SSL client certificates:
>> https://www.postgresql.org/docs/current/auth-cert.html
>
>
> Isn’t the wallet the part where the encryption keys are stored?
>
> Indeed, one of the few remaining features that only Oracle (and of
> course other commercial RDBMSs) has seems to be full HSM support for TDE.
>
>
> Rainer
>

--
Angular momentum makes the world go 'round.
