On Sat, Feb 05, 2005 at 09:08:00PM -0500, Ron Peterson wrote:
> I would like to be able to assert that the security of data stored
> as a value in a PostgreSQL table can be as high as the security of
> saving that same piece of data to a file on disk. Would that be
> correct?

I hate to put it so bluntly, but "security" isn't a product that you buy or a service that you use. It's not even a rigid set of procedures, however well-thought-out such a set might be. Instead, it's a large and by its nature flexible set of processes that you must implement and keep up to date.

What distinguishes security in the computer field from other kinds of things involving computers is the existence of one or more attackers.

In re: how to do security, I'll quote Bruce Schneier's 5-step security evaluation:

1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and tradeoffs does the security solution impose?

Until you have answered questions 1 and 2, you can't even start on an implementation.

Cheers,
D
--
David Fetter david@xxxxxxxxxx http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778

Remember to vote!