Re: Database level encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/03/2010 06:35 AM, Timothy Madden wrote:
> I can only see how PostgreSQL encrypts the password or the connection
> in the documentation, and for the database I can see application-level
> encryption with pgcrypto (and filesystem level encryption), How could
> I get database level encryption in PostgreSQL ?

This is an extremely broad question, and you have barely begun to
provide enough information to answer it. For starters:

1. What is your threat scenario?
   a) The physical machine is stolen
   b) A database dump is stolen
   c) Someone roots your system
   d) Someone compromises your application, via SQL injection, etc

2. What data needs to be encrypted?
   a) All columns of all tables
   b) Selected columns of selected tables

3. Do you need to be able to search or sort on any of the encrypted
   columns?

4. Is your password stored somewhere on the hardware, or is it entered
   by a human every time the application starts?

5. Do you want a single password for all data access, or is the
   encryption by user or some other segmentation?

6. Is brute-force cracking of the password a concern? Will your
   application shut down repeated failed attempts?

There is no magic bullet. This requires careful thought, analysis, and
trade-offs.

Joe

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux