Re: Database level encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Timothy,

On Wed, 7 Apr 2010 13:45:11 +0300 Timothy Madden wrote:

> On Wed, Apr 7, 2010 at 1:07 AM, Kevin Grittner
> <Kevin.Grittner@xxxxxxxxxxxx> wrote:
> > Timothy Madden <terminatorul@xxxxxxxxx> wrote:
> >
> [...]
> > But the server needs to read certain data from the database
> > directory in order to start.  In particular, WAL files need to be
> > read to get a clean start, and those can contain any data from the
> > database table.  Any or all tables may need to be accessed to get
> > the database to a consistent point on startup.  Plus there are all
> > the system catalogs, including the ones needed to authenticate
> > users.
> 
> OK let's put the key logger issue aside from database encryption.

No, because that's one of the main problems.

If someone already goot root access on this laptop, he can snuff
keystrokes or the network traffic and capture all kind of passwords
(and other interesting information).

Basically your database, running on an unprivileged account, is only as
secure as the root account.



> I am willing to accept that the server may need to read the list of
> tables/schema-objects in the database, and some leftover data, in
> order to start, as long as the leftover data is immediately discarded
> upon start-up, and as long as it is likely that this data is not a
> large fraction of the data found in the database. It would still be
> nice if this check or clean-up could be delayed until such time some
> user really selects the database for use, and provides a password.

There's more:

- Vacuum reads whole memory pages, so any kind of encryption can only be
  on row level.
- Analyze stores the most common values per column, so it must be able
  to scan the columns without the password. Else the planer won't have
  reasonable good data. In addition: the statistics data is stored in
  system tables, so your password must apply here too.



Bye

-- 
				Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors
Volunteer Regional Contact, Germany - PostgreSQL Project

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux