My scenario is how to protect the database if the machine is stolen (it is a mini-laptop), and I would like to encrypt the entire database, that is, all columns of all tables, and if possible everything else found in the database. I would like all searching and sorting functions, just like with a normal database (that is, transparent encryption for the application level).

The password will be entered by a human in order to start the application. The application exits after three unsuccessful attempts, but nothing prevents the user from starting the application again; the number of failures is not counted. However, if the database could count that, I would not mind.

I want a single password for data access to the entire database; there is only one database user involved anyway.

I do not see the careful analysis required that you write about; I would say I am asking for DBMS support for database-level encryption.

Thank you,
Timothy Madden

On Sat, Apr 3, 2010 at 8:03 PM, Joe Conway <mail@xxxxxxxxxxxxx> wrote:
> On 04/03/2010 06:35 AM, Timothy Madden wrote:
>> I can only see how PostgreSQL encrypts the password or the connection
>> in the documentation, and for the database I can see application-level
>> encryption with pgcrypto (and filesystem-level encryption). How could
>> I get database-level encryption in PostgreSQL?
>
> This is an extremely broad question, and you have barely begun to
> provide enough information to answer it. For starters:
>
> 1. What is your threat scenario?
>    a) The physical machine is stolen
>    b) A database dump is stolen
>    c) Someone roots your system
>    d) Someone compromises your application, via SQL injection, etc.
>
> 2. What data needs to be encrypted?
>    a) All columns of all tables
>    b) Selected columns of selected tables
>
> 3. Do you need to be able to search or sort on any of the encrypted
>    columns?
>
> 4. Is your password stored somewhere on the hardware, or is it entered
>    by a human every time the application starts?
>
> 5. Do you want a single password for all data access, or is the
>    encryption by user or some other segmentation?
>
> 6. Is brute-force cracking of the password a concern? Will your
>    application shut down repeated failed attempts?
>
> There is no magic bullet. This requires careful thought, analysis, and
> trade-offs.
>
> Joe

--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
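Joe's question 3 (searching and sorting on encrypted columns) is the point where the thread's two options diverge. The following is an added example, not code from either poster, showing what pgcrypto column encryption can and cannot give the application. It assumes the pgcrypto extension is installed, a table and column names that are made up here, and that the human-entered key is passed in as the psql variable `key` for the session rather than stored anywhere.

```sql
-- Added example (not from the thread): pgcrypto column encryption versus
-- searching and sorting. Table and column names are illustrative.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer (
    id        serial PRIMARY KEY,
    email_enc bytea NOT NULL,  -- randomized encryption: protected at rest, not searchable
    email_idx bytea NOT NULL   -- keyed blind index (HMAC): equality lookup only
);

-- The key is supplied by the application for this session only, e.g. in psql:
--   \set key 'session-key-placeholder'
INSERT INTO customer (email_enc, email_idx) VALUES
    (pgp_sym_encrypt('alice@example.com', :'key'),
     hmac('alice@example.com', :'key', 'sha256')),
    (pgp_sym_encrypt('bob@example.com', :'key'),
     hmac('bob@example.com', :'key', 'sha256'));

-- Equality search works, but only through the blind index, never through the
-- ciphertext: pgp_sym_encrypt produces a different bytea each call.
SELECT id, pgp_sym_decrypt(email_enc, :'key') AS email
FROM customer
WHERE email_idx = hmac('alice@example.com', :'key', 'sha256');

-- Sorting, prefix and range queries have no index to use; every row must be
-- decrypted, so this is always a full scan.
SELECT id, pgp_sym_decrypt(email_enc, :'key') AS email
FROM customer
ORDER BY 2;

-- Shows the non-determinism that rules out WHERE email_enc = <ciphertext>:
SELECT pgp_sym_encrypt('x', :'key') = pgp_sym_encrypt('x', :'key') AS same_ciphertext;
```

Two caveats follow directly from the thread's threat scenario (a stolen machine). First, the blind index column, the table's other columns, the indexes, the WAL and the system catalogs all remain in cleartext on disk, so this approach does not meet "everything else found in the database"; only filesystem-level encryption of the data directory gives that transparently. Second, because the key travels inside SQL text, it can land in `log_statement` output, `pg_stat_activity` and psql history unless those are configured with that in mind.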