Re: Database level encryption

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Timothy Madden" <terminatorul(at)gmail(dot)com>
Cc: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>, "Joe Conway" <mail(at)joeconway(dot)com>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Database level encryption
Date: 2010-04-06 22:07:21
Message-ID: 4BBB6A49020000250003052B@gw.wicourts.gov
Lists: pgsql-admin

Timothy Madden <terminatorul(at)gmail(dot)com> wrote:

> The machine does not have internet

It would be very unusual for a machine never to be connected to a
network which has Internet access, at least for periodic OS updates
or to get new versions of the database or software. But OK, if you
say they are never, ever connected to networks with Internet
connections, I guess the bad guy would need to access the machine
*twice* to get the password off of it and compromise the data. You
still haven't suggested any reason that this would be more secure
than an encrypted mount-point combined with aggressive idle-time
lockup, though.

> it will not be trivial for the bad guy to install anything there.

Well, if you set up security properly, it wouldn't be trivial for a
bad guy to copy the database off the machine under the pending
login, if they got hold of it while it was running, unless someone
left it running under the root login. Personally, I wouldn't give
the password for that login to anyone who was going to be carrying
the laptop into the field.

> And my idea is exactly that the database is inaccessible, even if
> the server starts.

But the server needs to read certain data from the database
directory in order to start. In particular, WAL files need to be
read to get a clean start, and those can contain any data from the
database table. Any or all tables may need to be accessed to get
the database to a consistent point on startup. Plus there are all
the system catalogs, including the ones needed to authenticate
users.

-Kevin
