Peter Hunsberger wrote:
> If you really need security of some form at the physical database
> level then don't screw around with convoluted hacks. Encrypt the
> critical data in the database and be done with it.
If the hacker gets root access so they can read
the raw database files, they most likely also
have access to the means to decrypt any
encrypted data. This is particularly so if
the database updates are being done by stored
procedures.
If encryption/decryption happens
on a separate (not-also-compromised) client,
then OK. Do you know of a way to deal with
this if the application is on the same computer
as the database?
--
Richard Walker
Software Improvements Pty Ltd
Phone: +61 2 6273 2055
Fax: +61 2 6273 2082