Re: Database level encryption

From: Michael Gould <mgould(at)intermodalsoftwaresolutions(dot)net>
To: Timothy Madden <terminatorul(at)gmail(dot)com>, Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de>
Cc: Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com>
Subject: Re: Database level encryption
Date: 2010-04-07 12:25:52
Message-ID: 4fafa57d090e57bb44ec5a177ecf292e@intermodalsoftwaresolutions.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Timothy,

I've worked with SQL Anywhere which does have database encryption. There
are pluses to having a encrypted db, but it did slow down the processing.
They also had the ability to encrypt stored procedures and triggers. That
didn't' seem to really slow down the system.

That being said, the encryption will keep the normal user out of the system,
but those aren't the people you need to worry about. The people you need to
worry about are the real hackers and they will be able to get around this
type of encryption. I'd like to see something to protect stored procedures
and triggers but overall I agree that a encrypted drive is probably the best
thing and require ssl connections.

Best Regards

Michael Gould

"Timothy Madden" <terminatorul(at)gmail(dot)com> wrote:
> Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de> wrote:
>
>> If someone captures the machine the bad guy can install a network
>> sniffer and steal the database passwords upon connect.
>
> I think protecting against a keylogger is a different issue than
> database encryption. Is this why database encryption is "not needed"
> for PostgreSQL, as people here say ?
>
>
>>> With an encrypted database, you need the password anytime you connect,
>>> even if another application already has an open connection.
>>
>> See above, this doesn't help.
>>
>> If someone get's root access to your machine, nothing (no filesystem
>> and no database encryption) is goint to help you here.
>
>
> I would have to disagree with you here. The whole point of encryption
> is that you need the key in order to get your data back.
>
>
> Timothy Madden
>
> --
> Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin
>

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Suresh Borse 2010-04-07 12:50:13 Handling of images via Postgressql
Previous Message Tim Landscheidt 2010-04-07 12:05:13 Re: Database level encryption