From: | Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> |
---|---|
To: | d(dot)wall(at)computer(dot)org |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Postgresql + digital signature |
Date: | 2008-01-23 18:46:19 |
Message-ID: | 7f64980c0801231046o21ce2ff7h586217c9b916a1ea@mail.gmail.com |
Lists: | pgsql-general |
Very interesting point of view.
Yes, you're right about the key management problem.
The grant database access looks like a real solution.
Thanks a lot for your advice.
Best Regards,
Luis Alberto Perez Paz
On Jan 23, 2008 11:20 AM, David Wall <d(dot)wall(at)computer(dot)org> wrote:
>
> > We're in a stage where I need to implement a mechanism to prevent the
> > data modification.
> >
> > I'm thinking of 'Digital Signatures' (maybe RSA) in each row. If
> > there's a modification, the signature doesn't verify.
> Like all such solutions, the key (lame pun intended) is how do you
> manage the keys? Obviously, when the digitally signed data is inserted,
> the private key must be accessible. If you then do an update and also
> have access to the keys, then new digitally signed data would be there.
>
> Is there no way for your application to ensure that once data is
> inserted, it cannot be changed?
>
> You can also grant database access with just SELECT,INSERT permissions
> so that an UPDATE and DELETE are not allowed.
>
> We store lots of digitally signed data as BLOBs in PG, but control this
> at the application level since it's the one that has access to the
> private key, and our application has no UPDATE/DELETE calls.
>
> Good luck,
> David
--
peace, love and understanding
(1967-1994)
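
Added example, not part of either message above: the SELECT/INSERT-only grant suggested in the quoted reply, written out for PostgreSQL. The table, column and role names are assumptions made for illustration, and the sample bytes are constructed.

```sql
-- Constructed schema (hypothetical names): signed data stored as bytea,
-- with the signature produced by the application that holds the private key.
CREATE TABLE signed_record (
    id         bigserial PRIMARY KEY,
    payload    bytea NOT NULL,
    signature  bytea NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Role the application connects as (authentication is configured separately).
-- It must not own the table: an owner can grant itself any privilege back,
-- and a superuser bypasses privilege checks entirely.
CREATE ROLE app_writer LOGIN;

REVOKE ALL ON signed_record FROM PUBLIC;
GRANT SELECT, INSERT ON signed_record TO app_writer;
-- bigserial draws ids from a sequence, so INSERT also needs USAGE on it.
GRANT USAGE ON SEQUENCE signed_record_id_seq TO app_writer;

-- Audit the result: only INSERT and SELECT should be listed for app_writer.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name = 'signed_record'
  AND grantee = 'app_writer'
ORDER BY privilege_type;

-- Exercise the restriction (run as a superuser or a member of app_writer).
SET ROLE app_writer;

INSERT INTO signed_record (payload, signature)
VALUES ('\x68656c6c6f', '\x00');             -- succeeds

UPDATE signed_record SET payload = '\x00';   -- fails: permission denied
DELETE FROM signed_record;                   -- fails: permission denied

RESET ROLE;
```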