
Re: Page-Level Encryption


 



Quoting Scott Marlowe <smarlowe@xxxxxxxxxxxxxxxxx>:

Having the table containing the index, or the database object,
encrypted would protect against system admins,

IF they've got root, and the unencrypted data or the password / key is
on the machine or in memory on it, you've lost.  It may make it harder
for them to get it, but they can.


The password shouldn't be saved anywhere; it should be entered manually when the application starts. Or, only store it on secure removable media. But it would be better than the options that exist today. You're right; there is no perfect security, especially when the box has been rooted. They would have to get root while the machine is powered on, the database engine is running, and the user is authenticated and logged in. It might be possible to implement a "kill" switch, where upon receipt of a signal the user would be logged out and the memory scrubbed of the private key data.

David



