Search Postgresql Archives

Re: Securing Postgres

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 04:48 PM 10/5/2005 +0200, L van der Walt wrote:

The big problem is that the administrators works for the client and not for me. I don't want the client to reverse engineer my database. There might be other applications on the server so the administrators do require root access.

If it's so important to you, put it on a secured separate physical server, use encryption, and you admin it.

If you do it right, you should be able to make the client pay for the separate server ;).

Virtual machines aren't an option, performance on x86 platforms isn't so good for now AND most VM products often have a snapshot/suspend feature, which might be useful for looking in the "RAM" for keys and stuff...

About the raw database files,  I can use encryption to protect the data.

I'm sure at some point you'd need to decrypt the data, so be careful how you do things at that point. How are you going to do it?

Don't forget, if you secure things so much, it gets hard for the client too.

The client may also ask: how can they trust you?

I wouldn't recommend anybody to have any of their critical/important data in an encrypted database which they have no access to without a 3rd party's help.

Regards,
Link.


---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

              http://archives.postgresql.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux