Secure DB Systems - How to

From: "Sarah Tanembaum" <sarahtanembaum(at)yahoo(dot)com>
To: pgadmin-support(at)postgresql(dot)org
Cc: pgsql-admin(at)postgresql(dot)org, pgsql-hackers-win32(at)postgresql(dot)org, pgsql-php(at)postgresql(dot)org, pgsql-sql(at)postgresql(dot)org
Subject: Secure DB Systems - How to
Date: 2004-07-08 15:49:36
Message-ID: ccjra4$pgl$1@sea.gmane.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgadmin-support pgsql-admin pgsql-hackers-win32 pgsql-php pgsql-sql

I was wondering if it is possible to create a secure database system
usingPostgreSQL/PHP combination?

I have the following in mind:

I wanted to store all my( and my brothers and sisters) important document
information such as birth certificate, SSN, passport number, travel
documents, insurance(car, home, etc) document, and other important documents
imagined in the database.

The data will be entered either manually and/or scanned(with OCR). I need to
be able to search on all the fields in the database.

We have 10 computers(5bros, 4sisters, and myself) plus 1 server with I
maintained. The data should be synchronize/replicate between those
computers.

Well, so far it is easy, isn't it?

Here's my question:

a) How can I make sure that it secure so only authorized person can
modify/add/delete the information? Beside transaction logs, are there any
other method to trace any transaction(kind of paper trail)?

Assuming there are 3 step process to one enter the info e.g:
- One who enter the info (me)
- One who verify the info(the owner of info)
- One who verify and then commit the change!
How can I implement such a process in PostgreSQL and/or PHP or any other web
language?

b) How can I make sure that no one can tap the info while we are entering
the data in the computer? (our family are scattered within US and Canada)

c) Is it possible to securely synchronize/replicate between our computers
using VPN? Does PostgreSQL has this functionality by default?

d) Other secure method that I have not yet mentioned.

Anyone has good ideas on how to implement such a systems?

Thanks

Responses

Browse pgadmin-support by date

  From Date Subject
Next Message Bruno Wolff III 2004-07-09 15:27:22 Re: [PHP] Secure DB Systems - How to
Previous Message Keith C. Perry 2004-07-07 18:29:55 Re: FYI: "clear window" function not working

Browse pgsql-admin by date

  From Date Subject
Next Message Mike Rylander 2004-07-08 15:55:31 Re: cross databases?
Previous Message Hilary Forbes 2004-07-08 15:46:27 Re: cross databases?

Browse pgsql-hackers-win32 by date

  From Date Subject
Next Message Sarah Tanembaum 2004-07-08 16:28:34 Re: PgSQL not as Administrator - probs on windows
Previous Message Tony and Bryn Reina 2004-07-08 14:21:45 Re: Finding zlib on MinGW

Browse pgsql-php by date

  From Date Subject
Next Message Elijah O. Alcantara 2004-07-09 02:39:28 wouldn't insert
Previous Message Martin Marques 2004-07-07 19:52:43 Re: Warning: pg_fetch_row(): ...

Browse pgsql-sql by date

  From Date Subject
Next Message Együd Csaba 2004-07-09 05:15:13 Re: Constraint->function dependency and dump in 7.3
Previous Message Pedro B. 2004-07-08 13:36:37 Newbie (to postgres) question