| From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
|---|---|
| To: | L van der Walt <mailing(at)lani(dot)co(dot)za>, Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Securing Postgres |
| Date: | 2005-10-05 15:37:55 |
| Message-ID: | 5.2.1.1.1.20051005232349.02e29610@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
At 04:48 PM 10/5/2005 +0200, L van der Walt wrote:
>The big problem is that the administrators works for the client and not
>for me. I don't want the client to reverse engineer my database.
>There might be other applications on the server so the administrators do
>require root access.
If it's so important to you, put it on a secured separate physical server,
use encryption, and you admin it.
If you do it right, you should be able to make the client pay for the
separate server ;).
Virtual machines aren't an option, performance on x86 platforms isn't so
good for now AND most VM products often have a snapshot/suspend feature,
which might be useful for looking in the "RAM" for keys and stuff...
>About the raw database files, I can use encryption to protect the data.
I'm sure at some point you'd need to decrypt the data, so be careful how
you do things at that point. How are you going to do it?
Don't forget, if you secure things so much, it gets hard for the client too.
The client may also ask: how can they trust you?
I wouldn't recommend anybody to have any of their critical/important data
in an encrypted database which they have no access to without a 3rd party's
help.
Regards,
Link.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Modern Mexican | 2005-10-05 15:41:48 | Re: Untyped result (setof / rowset) from Functions ? |
| Previous Message | Stefan 'Kaishakunin' Schumacher | 2005-10-05 15:32:23 | Re: Securing Postgres |