Search Postgresql Archives

Re: Securing Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/28/2016 4:16 PM, jesusthefrog wrote:

If you're storing HIPAA data and/or PII then just make sure it's encrypted at rest. We just did this at my workplace by using full disk encryption on the disk which stores the DB files.
That may not be the best solution, but it appears to work well enough.


data really should be encrypted at the end point it originates and only decrypted at the end point where its used.    yes, this presents all sorts of annoying issues for everything in between, but anything less is false security.

the problem with full disk encryption, as long as the volume is mounted, the data is visible as the encryption keys are loaded at boot or mount time.  the only threat model FDE protects against is physical theft of the server.



-- 
john r pierce, recycling bits in santa cruz
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux