Hi Marco,

The problem I described in the first mail is that because of some unknown reasons, if you save the server.key file with a passphrase, you will be prompted to enter the passphrase every time you start the server AND a client makes a connection, which actually forbids us to use a passphrase to protect the key file, therefore the key file has to be saved in plaintext without encryption.

EFS is a feature provided by Windows which will encrypt any selected file using a symmetric algorithm. The symmetric key will be encrypted by the user's public key and the recovery agent's public key, and the encrypted key will be saved within the file header. Thus only the user and recovery agent can decrypt it. And for another user, he cannot even open it (but can delete it). So we can ensure no one can read and modify it. Decryption is transparent to users and applications. The operating system will do it automatically if it can find the appropriate private key.

The difference between this and

-r-------- 1 postgres postgres 50 Jan 15 21:15

is that the file is encrypted using EFS, while the latter remains plaintext.

When you back up the file, it remains encrypted. If you restore the file to a file system which doesn't support EFS (non-NTFS), it will corrupt, else it will remain encrypted.

cheers,
Changyu

--- Marco Colombo <pgsql@xxxxxxxxxx> wrote:

> You mean that every process that runs as "postgres" has the ability to
> read the file _without typing any password_? Or when you start
> PostgreSQL it prompts for one? Can "administrator" read it _without
> knowing password_?
>
> I may be missing something, but what's the difference with a file like
> this:
>
> -r-------- 1 postgres postgres 50 Jan 15 21:15 akey
>
> in any Unix system? Only "postgres" and "root" can read it.
>
> How about backups? Does the backup process (I assume it runs as
> administrator) store the key in cleartext?
>
> .TM.
> --
> Marco Colombo
> Technical Manager
> ESI s.r.l.
> Colombo@xxxxxx
>
> On Wed, 2005-06-08 at 10:00 -0700, dong changyu wrote:
> > Hi,
> > A possible countermeasure on Windows platform, inspired by Magnus. Thanks ;)
> > First we remove the passphrase from the key file, making it plain.
> > Windows provides a feature "encrypted file system", providing
> > transparent encryption/decryption. We can log on using the account we
> > run Postgres with and encrypt the plaintext key file. Then we log on
> > using another non-admin account, and start postgres using "runas"
> > service. Therefore the file is encrypted, only the Postgres account and
> > the recovery agent (built-in administrator by default) can read/modify
> > it. The file will remain encrypted when restored from backup.
> > I've tested it on my computer and it works.
> >
> > cheers,
> > Changyu
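
The steps discussed in this thread (EFS-encrypt the passphrase-less server.key under the account that runs PostgreSQL, then confirm who can still read it) can be checked with a short script. This is an added example, not part of the original messages; the key path is an assumed location and the script is meant to be run as the PostgreSQL service account.

```powershell
# Added example (not from the thread). Run as the account that starts PostgreSQL.
# $KeyPath is an assumed location; point it at your own server.key.
param([string]$KeyPath = 'C:\pgdata\server.key')

$file = Get-Item -LiteralPath $KeyPath -ErrorAction Stop

# EFS only exists on NTFS; on any other file system the file cannot stay encrypted.
$root  = [System.IO.Path]::GetPathRoot($file.FullName)
$drive = New-Object System.IO.DriveInfo -ArgumentList $root
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$KeyPath is on $($drive.DriveFormat), which does not support EFS."
}

# Encrypt with the current user's EFS key if the file is not already encrypted.
$encrypted = [System.IO.FileAttributes]::Encrypted
if (($file.Attributes -band $encrypted) -ne $encrypted) {
    [System.IO.File]::Encrypt($file.FullName)
    $file.Refresh()
}
if (($file.Attributes -band $encrypted) -ne $encrypted) {
    throw "EFS encryption of $KeyPath did not take effect."
}

# Show which user certificates and recovery agents are able to decrypt the file.
cipher /c $file.FullName

# EFS does not replace the ACL: list every identity the ACL still allows to read.
$read = [System.Security.AccessControl.FileSystemRights]::ReadData
(Get-Acl -LiteralPath $file.FullName).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

The `cipher /c` output answers Marco's question about who can decrypt without a password: any process running as a listed user, plus the listed recovery agents.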