From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
---|---|
To: | Timothy Madden <terminatorul(at)gmail(dot)com> |
Cc: | Joe Conway <mail(at)joeconway(dot)com>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Database level encryption |
Date: | 2010-04-05 20:34:53 |
Message-ID: | v2ldcc563d11004051334ledfcd2b2gf8db60ca48b43118@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Mon, Apr 5, 2010 at 2:30 PM, Timothy Madden <terminatorul(at)gmail(dot)com> wrote:
> My scenario is how to protect the database if the machine is stolen
> (it is a mini-laptop), and
> I would like to encrypt the entire database, that is all columns of
> all tables, and if possible
> everything else found in the database.
>
> I would like all searching and sorting functions, just like with a
> normal database (that is,
> transparent encryption for the application level). The password will
> be entered by a human in
> order to start the application. The application exits after three
> unsuccessful attempts, but
> nothing prevents the user to start the application again; the number
> of failures is not counted.
> However if the database could count that I would not mind. I want a
> single password for
> data access to the entire database, there is only one database user
> involved anyway.
>
> I do not see the careful analysis required that you write about, I
> would say I am asking for
> SGBD support for database-level encryption.
Everything you've said so far points to using a mounted encrypted
drive to store the db. Windows and Linux both support this, and I'm
sure Mac does too. The fact that a different tool is needed for each
OS might be an issue. It's dirt simple to setup an encrypted drive on
linux where the user types in the passphrase on each boot. Some
laptops have wonky behaviour bringing up drives on USB at bootup tho
(I'm looking at a Dell that's sitting in the cube next to me that has
issues a BIOS update can't fix.)
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2010-04-05 20:46:48 | Re: Database level encryption |
Previous Message | Timothy Madden | 2010-04-05 20:30:10 | Re: Database level encryption |