terminatorul@xxxxxxxxx (Timothy Madden) writes:
> Andreas 'ads' Scherbaum <adsmail@xxxxxxxxxxxxx> wrote:
>
>> If someone captures the machine the bad guy can install a network
>> sniffer and steal the database passwords upon connect.
>
> I think protecting against a keylogger is a different issue than
> database encryption. Is this why database encryption is "not needed"
> for PostgreSQL, as people here say?

No, the nuance is a bit different.

It's not that "database encryption is not needed" - it's rather that
"database encryption doesn't usefully protect against a terribly
interesting set of attacks."

When we think through the scenarios, while encrypting the whole database
might seemingly protect against *some* attacks, that's not enough of the
story:

- There are various classes of attacks that it doesn't help one bit with.

- In order to have the database accessible to the postmaster process,
  there needs to be a copy of the decryption key on that machine, and it
  is surprisingly difficult to protect that key from someone who has
  physical access to the machine.

This has the result that people are inclined to suggest that encrypting
the whole database mayn't actually be a terribly useful technique in
practice.

--
Know how to blow any problem up into insolubility. Know how to use the
phrase "The new ~A system" to insult its argument, e.g., "I guess this
destructuring LET thing is fixed in the new Lisp system", or better yet,
PROLOG.
-- from the Symbolics Guidelines for Sending Mail

--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin