From: | Michael Gould <mgould(at)intermodalsoftwaresolutions(dot)net> |
---|---|
To: | Timothy Madden <terminatorul(at)gmail(dot)com>, Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de> |
Cc: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com> |
Subject: | Re: Database level encryption |
Date: | 2010-04-07 12:25:52 |
Message-ID: | 4fafa57d090e57bb44ec5a177ecf292e@intermodalsoftwaresolutions.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Timothy,
I've worked with SQL Anywhere which does have database encryption. There
are pluses to having a encrypted db, but it did slow down the processing.
They also had the ability to encrypt stored procedures and triggers. That
didn't' seem to really slow down the system.
That being said, the encryption will keep the normal user out of the system,
but those aren't the people you need to worry about. The people you need to
worry about are the real hackers and they will be able to get around this
type of encryption. I'd like to see something to protect stored procedures
and triggers but overall I agree that a encrypted drive is probably the best
thing and require ssl connections.
Best Regards
Michael Gould
"Timothy Madden" <terminatorul(at)gmail(dot)com> wrote:
> Andreas 'ads' Scherbaum <adsmail(at)wars-nicht(dot)de> wrote:
>
>> If someone captures the machine the bad guy can install a network
>> sniffer and steal the database passwords upon connect.
>
> I think protecting against a keylogger is a different issue than
> database encryption. Is this why database encryption is "not needed"
> for PostgreSQL, as people here say ?
>
>
>>> With an encrypted database, you need the password anytime you connect,
>>> even if another application already has an open connection.
>>
>> See above, this doesn't help.
>>
>> If someone get's root access to your machine, nothing (no filesystem
>> and no database encryption) is goint to help you here.
>
>
> I would have to disagree with you here. The whole point of encryption
> is that you need the key in order to get your data back.
>
>
> Timothy Madden
>
> --
> Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin
>
From | Date | Subject | |
---|---|---|---|
Next Message | Suresh Borse | 2010-04-07 12:50:13 | Handling of images via Postgressql |
Previous Message | Tim Landscheidt | 2010-04-07 12:05:13 | Re: Database level encryption |