Re: Hiding data in postgresql

From: Justin Graf <justin(at)magwerks(dot)com>
To: Hector Beyers <hqbeyers(at)gmail(dot)com>
Cc: Bill Moran <wmoran(at)potentialtech(dot)com>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Hiding data in postgresql
Date: 2010-05-25 18:05:10
Message-ID: 4BFC1156.9090409@magwerks.com
Lists: pgsql-general pgsql-hackers

On 5/24/2010 3:18 PM, Hector Beyers wrote:
> Yes, I mean hide. I am approaching the problem out of the perspective
> of a malicious user / hacker.
>
> **snip***

First, hiding data is not a solution to secure or block access to
information. This only slows people down; it does not stop them. Never
underestimate users with access to the data.

It would be helpful to explain the type of data that needs to be
hidden/secured.

For an example of failed attempts to hide data, look at the numerous
mistakes in securing credit card data at many companies.

In almost every case that I have read, the programmers just tried to hide
the data or limit access instead of doing Public Key Private Key
encryption methodology. I know of several big-name apps that still
store credit card data where the end users can reverse the encryption,
meaning if the key becomes unsecured, any of the data that is encrypted
is visible.

I have seen where the data is only encrypted inside the database, so the
information is transmitted in the clear to the client as the database
decrypts the data on the fly. What is the point??

Trying to hide information is a waste of time and energy; look into
encryption.

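Added example, not part of the original message: one way to apply the public-key approach the message recommends inside PostgreSQL, using the OpenPGP functions of the pgcrypto module. The table, column and file names are assumptions, and the card number is a constructed test value.

```sql
-- Added example; payment_card, its columns and public.key are hypothetical names.
-- pgcrypto ships with PostgreSQL as a contrib module.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Load an ASCII-armored OpenPGP *public* key into a psql variable.
-- Assumption: public.key was exported with `gpg -a --export KEYID`.
-- The matching secret key stays on a separate host and is never
-- stored in, or sent to, the database.
\set pubkey `cat public.key`

CREATE TABLE payment_card (
    customer_id integer PRIMARY KEY,
    last4       char(4) NOT NULL,  -- enough for display and lookup
    pan_enc     bytea   NOT NULL   -- OpenPGP message, public-key encrypted
);

-- Writers need only the public key, so a leaked application
-- credential or database dump does not reveal stored card numbers.
-- Caveat: in this statement the plaintext still travels to the server,
-- so use SSL and keep statement logging off for it, or encrypt in the
-- application and send the resulting bytea instead.
INSERT INTO payment_card (customer_id, last4, pan_enc)
VALUES (1, '1111',
        pgp_pub_encrypt('4111111111111111',   -- constructed test value
                        dearmor(:'pubkey')));

-- Readers get ciphertext only. Decryption happens on the host that
-- holds the secret key, not "on the fly" inside the database.
SELECT customer_id, last4, pan_enc
FROM   payment_card
WHERE  customer_id = 1;

-- Audit which key each row was encrypted to (useful during key rotation).
SELECT customer_id, pgp_key_id(pan_enc) AS encrypted_to
FROM   payment_card;

-- The pattern the message criticises, for contrast: a symmetric
-- passphrase known to the application, decrypted by the server, so
-- every client with query access receives plaintext.
--   SELECT pgp_sym_decrypt(pan_enc, 'passphrase-kept-with-the-app')
--   FROM   payment_card;
```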
