From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
---|---|
To: | Manuel Gysin <manuel(dot)gysin(at)quantum-bytes(dot)com> |
Cc: | craig(at)postnewspapers(dot)com(dot)au, Merlin Moncure <mmoncure(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Encryption For Specific Column- Where to store the key |
Date: | 2011-06-16 08:41:40 |
Message-ID: | BANLkTik0ezHpbp3dNKsy_D6LLKdkgsdOOA@mail.gmail.com |
Lists: | pgsql-general |
2011/6/16 Manuel Gysin <manuel(dot)gysin(at)quantum-bytes(dot)com>:
>>From: "Pavel Stehule" <pavel(dot)stehule(at)gmail(dot)com>
>>
>>Hello
>>
>>try to use security definer functions
>>
>>http://www.postgresql.org/docs/current/static/sql-createfunction.html
>>
>>inside this function you can access resources that are not
>>available from outside for the web user
>>
>>Regards
>>
>>Pavel Stehule
>
> I understand the idea behind it but it does not protect me when someone can dump the whole database.
> He can simply change the user credentials and can access this function. But anyway thanks for the hint, it's useful to improve security!
>
If an attacker can dump a database, then any protection is terribly hard
or impossible :(

If you store a very good salted hash instead of the password in the database,
then access to the dump isn't helpful for the attacker.

Regards

Pavel Stehule

p.s. Any security protections are thin without full control over the server.
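
The two suggestions in this message (a security definer function, and a salted hash stored instead of the password), combined as an added example that is not part of the original message or of PostgreSQL's own code. It assumes the pgcrypto extension is installable and that the script is run by a superuser; the roles `vault_owner` and `web_user`, the schemas `vault` and `api`, the table and the function name are all hypothetical.

```sql
-- Run as a superuser. All role, schema, table and function names are hypothetical.
CREATE ROLE vault_owner NOLOGIN;                 -- owns the private data
CREATE ROLE web_user LOGIN;                      -- low-privilege application role

CREATE SCHEMA vault AUTHORIZATION vault_owner;   -- private tables live here
CREATE SCHEMA api   AUTHORIZATION vault_owner;   -- callable entry points only
CREATE EXTENSION pgcrypto SCHEMA vault;          -- provides crypt() and gen_salt()

SET ROLE vault_owner;                            -- objects below are owned by vault_owner

CREATE TABLE vault.accounts (
    login   text PRIMARY KEY,
    pw_hash text NOT NULL                        -- salted bcrypt hash, never the password
);

-- gen_salt() makes a fresh salt per row; crypt() embeds it in the stored hash.
-- The password here is a constructed sample value.
INSERT INTO vault.accounts
VALUES ('alice', vault.crypt('constructed-sample-password', vault.gen_salt('bf', 10)));

-- SECURITY DEFINER: the body runs with vault_owner's rights, whoever calls it.
CREATE FUNCTION api.check_login(p_login text, p_password text)
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = vault, pg_temp                 -- pin name lookup so a caller cannot shadow crypt()
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM vault.accounts a
        WHERE a.login = p_login
          -- re-hash the candidate with the salt taken from the stored hash
          AND a.pw_hash = vault.crypt(p_password, a.pw_hash)
    );
$$;

-- New functions are executable by PUBLIC by default; narrow that to one role.
REVOKE ALL ON FUNCTION api.check_login(text, text) FROM PUBLIC;
GRANT USAGE ON SCHEMA api TO web_user;
GRANT EXECUTE ON FUNCTION api.check_login(text, text) TO web_user;

RESET ROLE;
```

Connected as `web_user`, the only path to the data is `SELECT api.check_login(...)`: the role has no USAGE on schema `vault` and no SELECT on `vault.accounts`. A dump of the database still contains the `pw_hash` values, which is the case the salted hash is there for.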