On Fri, Jul 16, 2010 at 10:26 AM, Craig James <craig_james@xxxxxxxxxxxxxx> wrote:
> On 7/16/10 10:14 AM, Kris Deugau wrote:
>>
>> Craig James wrote:
>>>
>>> This isn't exactly a Postgres question, but I hope someone in the
>>> community has solved it.
>>>
>>> I want to encrypt some data in Postgres that arrives from Apache. How
>>> do you store an encryption key in such a way that Apache CGIs can get
>>> it, but a hacker or rogue employee who manages to access the machine
>>> can't find out the encryption key?
>>
>> Short answer: You don't.
>>
>> Longer answer: You can tie things up with public-key encryption so that
>> a different system can retrieve the data, but the system that put it in
>> can't because it only has the public (encryption) key, not the private
>> (decryption) key.
>>
>> Even that isn't safe from a rogue employee - what if that rogue is your
>> senior sysadmin with full root access on all your systems?
>
> If we assume no escalation of privileges, that is, Apache stays apache and
> users can't escalate to root, what then?
>
> This must be a solved problem. Credit-card numbers are required to be
> encrypted by law. It wouldn't make sense for them to be encrypted but then
> find that the password is sitting around where anyone can find it. There
> must be any number of Postgres users who store encrypted credit card numbers
> and other personal data. How do they solve this problem?

Bruce has a presentation on this subject:

http://momjian.us/main/writings/pgsql/securing.pdf

Although, I don't know if it has an illustration that exactly matches
your problem.

--
Regards,
Richard Broersma Jr.

Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug

--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
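
The public-key arrangement Kris Deugau describes in the quoted reply, sketched with PostgreSQL's pgcrypto module as an added example that is not part of the original thread. Table, role, key and statement names are hypothetical, the armored key is a placeholder, and the card number is a constructed test value.

```sql
-- Added example (not from the thread). Requires the pgcrypto contrib module;
-- CREATE EXTENSION needs PostgreSQL 9.1+, older servers load pgcrypto.sql.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Only the PUBLIC key is stored on the web-facing system.
CREATE TABLE enc_keys (
    key_name   text PRIMARY KEY,
    public_key text NOT NULL        -- ASCII-armored OpenPGP public key
);

CREATE TABLE payments (
    id          bigserial PRIMARY KEY,
    customer_id bigint NOT NULL,
    card_enc    bytea  NOT NULL     -- OpenPGP message, never plaintext
);

-- Placeholder: paste the public key exported on the separate decryption host.
INSERT INTO enc_keys VALUES ('cards', '<ARMORED PUBLIC KEY PLACEHOLDER>');

-- Role used by the Apache CGIs: it can write ciphertext, not read it back.
CREATE ROLE web_cgi LOGIN;
GRANT SELECT ON enc_keys TO web_cgi;
GRANT INSERT ON payments TO web_cgi;
GRANT USAGE ON SEQUENCE payments_id_seq TO web_cgi;

-- Role used by the separate system that holds the private key.
CREATE ROLE settlement LOGIN;
GRANT SELECT ON payments TO settlement;

-- What the CGI runs. The plaintext still travels to the database server in
-- the statement, so it can reach server logs; encrypting inside the CGI
-- with the same public key avoids that.
PREPARE store_card(bigint, text) AS
    INSERT INTO payments (customer_id, card_enc)
    SELECT $1, pgp_pub_encrypt($2, dearmor(public_key))
    FROM enc_keys
    WHERE key_name = 'cards';

EXECUTE store_card(42, '4111111111111111');   -- constructed test number

-- What the settlement host runs. It fetches ciphertext only and decrypts
-- locally with an OpenPGP tool; the private key is never sent to this server.
PREPARE fetch_card(bigint) AS
    SELECT armor(card_enc) FROM payments WHERE id = $1;

EXECUTE fetch_card(1);
```

A compromise of the `web_cgi` account or of the public key yields no stored card numbers; as the quoted reply notes, this does not protect against someone with root on the system that holds the private key.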