Re: Database level encryption

From: Timothy Madden <terminatorul(at)gmail(dot)com>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Database level encryption
Date: 2010-04-05 20:30:10
Message-ID: m2r5078d8af1004051330n1874e532u3c88fd1bc31c8697@mail.gmail.com
Lists: pgsql-admin

My scenario is how to protect the database if the machine is stolen
(it is a mini-laptop), and I would like to encrypt the entire database,
that is all columns of all tables, and if possible everything else
found in the database.

I would like all searching and sorting functions, just like with a
normal database (that is, transparent encryption for the application
level). The password will be entered by a human in order to start the
application. The application exits after three unsuccessful attempts,
but nothing prevents the user from starting the application again; the
number of failures is not counted. However, if the database could count
that I would not mind. I want a single password for data access to the
entire database, there is only one database user involved anyway.

I do not see the careful analysis required that you write about, I
would say I am asking for SGBD support for database-level encryption.

Thank you,
Timothy Madden

On Sat, Apr 3, 2010 at 8:03 PM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 04/03/2010 06:35 AM, Timothy Madden wrote:
>> I can only see how PostgreSQL encrypts the password or the connection
>> in the documentation, and for the database I can see application-level
>> encryption with pgcrypto (and filesystem level encryption). How could
>> I get database level encryption in PostgreSQL?
>
> This is an extremely broad question, and you have barely begun to
> provide enough information to answer it. For starters:
>
> 1. What is your threat scenario?
>   a) The physical machine is stolen
>   b) A database dump is stolen
>   c) Someone roots your system
>   d) Someone compromises your application, via SQL injection, etc
>
> 2. What data needs to be encrypted?
>   a) All columns of all tables
>   b) Selected columns of selected tables
>
> 3. Do you need to be able to search or sort on any of the encrypted
>   columns?
>
> 4. Is your password stored somewhere on the hardware, or is it entered
>   by a human every time the application starts?
>
> 5. Do you want a single password for all data access, or is the
>   encryption by user or some other segmentation?
>
> 6. Is brute-force cracking of the password a concern? Will your
>   application shut down repeated failed attempts?
>
> There is no magic bullet. This requires careful thought, analysis, and
> trade-offs.
>
> Joe
>
>
