Re: Database Encryption (now required by law in Italy) - Mailing list pgsql-admin

From Silvana Di Martino
Subject Re: Database Encryption (now required by law in Italy)
Date
Msg-id 200403052132.50642.silvanadimartino@tin.it
In response to Re: Database Encryption (now required by law in Italy)  ("scott.marlowe" <scott.marlowe@ihs.com>)
Responses Re: Database Encryption (now required by law in Italy)
List pgsql-admin
At 19:38, Friday 5 March 2004, scott.marlowe wrote:
> > Unfortunately, the new Italian law forces us to take seriously into
> > account this catastrophic scenario and another one that is almost as
> > worrying: an unfaithful SysAdmin that copies your data and sells them to
> > KGB. So, database encryption (and not disk encryption) is the _only_
> > answer.
>
> the only way for this to work is for it to be a "two key system" like the
> military uses for missile launch.
>
> One sysadmin has the "key" to the database box, but the data is encrypted
> before being sent to the database box on another system with another admin
> with another "key".  Preferably these two would never interact or know
> each other.

Well, this is not necessarily true. Data Maintainers and SysAdmins perform
different tasks (according to Italian law):
- SysAdmins take care of the hardware and of the software. They should never
need to access data. They just need to access the RDBMS software and its
configuration.
- Just Data Maintainers need to access data.
This should allow us to have two passwords for two different tasks. So, there
is not any need to use the military scheme to enforce data security.

See you
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it
