Hi Tim, > On 23. Jul, 2020, at 07:34, Tim Cross <theophilusx@xxxxxxxxx> wrote: > > Yes, I think the IT heads issue is the primary driver - combined with > very poor understanding of information security at senior levels and a > huge growth of poor quality and 'snake oil salesmen' in the IT security space > due to the amount of money ill informed senior managers are throwing at > what they think is a technical problem which usually is in fact a > business process problem. and the best solution to that nonsense comes from the big red O. They use PKCS#12 wallets. Good, but as soon as you need auto-open wallets, which you do for every automated job like backups, you put the key right next to it. So it's like having a big safe in your house but the combination of the lock is written all over it. So much for security by obscurity. For PostgreSQL we use a umask of 077 in our profile. That's why I keep telling my IT head that this is enough and it does not make sense to put the key next to the safe. Cheers, Paul
