| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Timothy Madden" <terminatorul(at)gmail(dot)com> |
| Cc: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>, "Joe Conway" <mail(at)joeconway(dot)com>, <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Database level encryption |
| Date: | 2010-04-06 14:36:17 |
| Message-ID: | 4BBB009102000025000304D3@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Timothy Madden <terminatorul(at)gmail(dot)com> wrote:
> With an encrypted database, you need the password anytime you
> connect, even if another application already has an open
> connection.
How is the database server supposed to start up and become ready to
accept connections without reading the database?
Also, as previously mentioned, if a bad guy gets hold of the machine
while running, what prevents them from installing a daemon to record
and transmit keystrokes after they copy the encrypted data?
Perhaps an encrypted drive for the database data combined with an
aggressive lockup policy for an idle machine would work?
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Timothy Madden | 2010-04-06 14:59:59 | Re: Database level encryption |
| Previous Message | Andreas 'ads' Scherbaum | 2010-04-06 12:59:38 | Re: Database level encryption |