Kris,
[Replying to list, too.]
On 7/16/10 10:14 AM, Kris Deugau wrote:
Craig James wrote:
This isn't exactly a Postgres question, but I hope someone in the
community has solved it.
I want to encrypt some data in Postgres that arrives from Apache. How
do you store an encryption key in such a way that Apache CGIs can get
it, but a hacker or rogue employee who manages to access the machine
can't find out the encryption key?
Short answer: You don't.
Longer answer: You can tie things up with public-key encryption so that
a different system can retrieve the data, but the system that put it in
can't because it only has the public (encryption) key, not the private
(decryption) key.
Even that isn't safe from a rogue employee - what if that rogue is your
seniour sysadmin with full root access on all your systems?
If we assume no escalation of priviliges, that is, Apache stays apache and users can't escalate to root, what then?
This must be a solved problem. Credit-card numbers are required to be encrypted by law. It wouldn't make sense for them to be encrypted but then find that the password is sitting around where anyone can find it. There must be any number of Postgres users who store encrypted credit card numbers and other personal data. How do they solve this problem?
Craig
--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
