From: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: security question |
Date: | 2007-01-22 16:15:31 |
Message-ID: | 45B4E323.2040505@cox.net |
Lists: | pgsql-general |
On 01/22/07 09:55, Jan Muszynski wrote:
> On 22 Jan 2007 at 16:10, Sim Zacks wrote:
>
>> How good is postgresql security? For example, If I have data
>> that I do not want anyone to see, including the programmer/dba, is
>> it enough to change the password to the only user? If they have
>> access to the raw files is there a way for them to somehow see
>> the data? Can they copy the files to another postgresql
>> instance where they have rights and view the data?
>>
>> Basically, we have a requirement to put sensitive personnel
>> information into the database, including salary etc. and we
>> don't want any employees, including the dba to have a
>> possibility of accessing it.
>
> You'll have to store the data encrypted. If you want to be
> ultrasecure you should encrypt/decrypt on the client side.
>
> http://www.postgresql.org/docs/8.2/interactive/encryption-options.html
>
>
> You can encrypt/decrypt server side using functions from the
> contrib pgcrypto module, but if you choose to do it that way then
> the data is being transmitted in the clear between the client and
> the server (unless you're using SSL). Even if using SSL the data
> would be present on the server in unencrypted form both before it
> gets stored, and after it gets decrypted and is being sent back
> to the client. Any DBA etc would be able to intercept that data.
> Not only that but the DBA would be able to intercept the key
> being used to encrypt/decrypt the data (and thus be able to
> decrypt the contents of the entire DB).

Root, I can understand, but why would the DBA be able to intercept
the key?

> The only way to absolutely prevent this from happening is to
> encrypt/decrypt locally on the client side.

Unless you are also running DB apps on the host.

> This is not a PostgreSQL limitation, it would be true of any DB
> out there

Running under the standard Unix "root can do anything" security model.
Systems with (properly configured) highly-granular security models
would not let that happen.
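
The server-side pgcrypto case discussed in this message, next to storing bytes the client has already encrypted, as an added example that is not part of the original e-mail. It assumes a current PostgreSQL release with the pgcrypto extension available; the table, column names, passphrase and ciphertext bytes are constructed for illustration.

```sql
-- Added example. Assumes a current PostgreSQL release with pgcrypto installed.
-- Table, columns, passphrase and sample bytes are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE personnel (
    emp_id integer PRIMARY KEY,
    salary bytea NOT NULL            -- ciphertext only, never plaintext
);

-- Server-side encryption: the passphrase is part of the statement text,
-- so it reaches the server process along with the plaintext value.
INSERT INTO personnel (emp_id, salary)
VALUES (1, pgp_sym_encrypt('85000', 'constructed-passphrase'));

-- Server-side decryption: the passphrase is sent again and the plaintext
-- exists in server memory before it is returned to the client.
SELECT emp_id,
       pgp_sym_decrypt(salary, 'constructed-passphrase') AS salary
FROM personnel
WHERE emp_id = 1;

-- Review point 1: a superuser sees the statement text of every session,
-- including the literal passphrase, while such a statement is running.
SELECT pid, usename, query
FROM pg_stat_activity
WHERE query ILIKE '%pgp_sym_%'
  AND pid <> pg_backend_pid();

-- Review point 2: statement logging writes the same text to the server log.
-- Check what is currently logged; a superuser can change both settings.
SHOW log_statement;
SHOW log_min_duration_statement;

-- Client-side alternative: the application encrypts before sending and
-- keeps the key off the database host. The server receives only opaque
-- bytes, so neither the statement text nor the stored row contains the
-- key or the plaintext.
PREPARE store_salary(integer, bytea) AS
    INSERT INTO personnel (emp_id, salary) VALUES ($1, $2);

-- '\xdeadbeef' stands in for ciphertext produced on the client (constructed).
EXECUTE store_salary(2, '\xdeadbeef'::bytea);

-- Server-side functions cannot recover row 2; only the key holder can.
SELECT emp_id, octet_length(salary) AS ciphertext_bytes
FROM personnel
ORDER BY emp_id;
```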