Re: Hiding data in postgresql

Hector Beyers <hqbeyers@xxxxxxxxx> · Tue, 25 May 2010 09:58:00 +0200

No, I have not considered encrypting or decrypting data. The reason for this is that I am trying to secure a database by thinking like a malicious user / criminal. I want to hide (for example) fraudulent data on a database where it is not easily seen by others and then build a tool to detect this hidden data. 

On your questions:

*) What data is to remain secret?
*) Who is allowed to see the secret data?
*) When do they see it?
*) What sacrifices are you willing to make to keep the data secret?

*) Where are you going to store the key?

the answers:
fraudulent data / or data that needs to be hidden.
only the malicious user - and hopefully later a detection mechanism that I aim to build.
I don't really have a preference on when they can see the data, but maybe when you export a dump. 
The main purpose of hiding the data is that the normal users of the database will not easily find the hidden data. If this criteria is met, then any other sacrifices can be made. 
Still need to figure that one out. 

Any good brainstorming ideas will help!

On Mon, May 24, 2010 at 11:04 PM, Merlin Moncure <mmoncure@xxxxxxxxx> wrote:

On Mon, May 24, 2010 at 3:16 PM, Hector Beyers <hqbeyers@xxxxxxxxx> wrote:

>

> Hi guys,

> does ANYONE have any tips on hiding data on a database server? This means

> that data is stored in places that is not necessarily picked up in the

> schema of the database. I am doing some research on databases and need some

> direction.

> Any help or direction will be highly appreciated.

First question: Have you considered 1. encrypting data when you put it

in the database and 2. decrypting it when you pull it out?

Let me humbly state that the #1 problem that beginners face with

security and encryption is focusing too much on the mechanics and not

enough on the 'big picture' issues:

*) What data is to remain secret?

*) Who is allowed to see the secret data?

*) When do they see it?

*) What sacrifices are you willing to make to keep the data secret?

*) Where are you going to store the key?

Answers to those questions should get you more helpful answers.

Postgres has a lot of features to hide data, some obvious (pgcrypto,

grant/revoke) and some not so obvious (revoking permissions from

pg_proc).  Judging from your question you may be interested in some

extra-special techniques...please be more specific!

merlin