Ok people thank you for your answers. Timothy Madden On Wed, Apr 7, 2010 at 3:25 PM, Michael Gould <mgould@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > Timothy, > > I've worked with SQL Anywhere which does have database encryption. There > are pluses to having a encrypted db, but it did slow down the processing. > They also had the ability to encrypt stored procedures and triggers. That > didn't' seem to really slow down the system. > > That being said, the encryption will keep the normal user out of the system, > but those aren't the people you need to worry about. The people you need to > worry about are the real hackers and they will be able to get around this > type of encryption. I'd like to see something to protect stored procedures > and triggers but overall I agree that a encrypted drive is probably the best > thing and require ssl connections. > > Best Regards > > Michael Gould > > > > "Timothy Madden" <terminatorul@xxxxxxxxx> wrote: >> Andreas 'ads' Scherbaum <adsmail@xxxxxxxxxxxxx> wrote: >> >>> If someone captures the machine the bad guy can install a network >>> sniffer and steal the database passwords upon connect. >> >> I think protecting against a keylogger is a different issue than >> database encryption. Is this why database encryption is "not needed" >> for PostgreSQL, as people here say ? >> >> >>>> With an encrypted database, you need the password anytime you connect, >>>> even if another application already has an open connection. >>> >>> See above, this doesn't help. >>> >>> If someone get's root access to your machine, nothing (no filesystem >>> and no database encryption) is goint to help you here. >> >> >> I would have to disagree with you here. The whole point of encryption >> is that you need the key in order to get your data back. >> >> >> Timothy Madden >> >> -- >> Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) >> To make changes to your subscription: >> http://www.postgresql.org/mailpref/pgsql-admin >> > > > -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
