Greetings,
I have matching couple of security requirements, speaking about preserving data confidentiality and integrity in PostgreSQL DB during packaging for transmission / unpacking from transmission.
Important: let's assume data at rest is encrypted using EFS and data at transit is encrypted using ciphers, provided by OpenSSL.
So, with that in mind, please, help me to understand movement and location of the data between the moment when it is pulled from file system and encrypted as network package going through the SSL tunnel.
And reversing it - between the moment network package arrived through the SSL tunnel is decrypted and the moment its content is placed into the file system.
For those interested, here are requirements themselves, quoted:
1) The DBMS must maintain the confidentiality and integrity of information during preparation for transmission.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.
Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
When transmitting data, the DBMS, associated applications, and infrastructure must leverage transmission protection mechanisms.
2) The DBMS must maintain the confidentiality and integrity of information during reception.
Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.
This requirement applies only to those applications that are either distributed or can allow access to data non-locally. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
When receiving data, the DBMS, associated applications, and infrastructure must leverage protection mechanisms.
Thanks,
Oleg