Alle 17:29, lunedì 8 marzo 2004, Joe Conway ha scritto:
> Silvana Di Martino wrote:
> > Oracle has a built-in feature for encrypting/decrypting this password's
> > password.
>
> Right, and this master password is only protected because Oracle is
> closed source. It is not possible to do the same thing with Postgres
> because you could find the master key (or the algorithm to produce it)
> in the source code.
>
> However this amounts to "security by obscurity", and anyone serious
> about encryption will tell you it is insufficient. There is no way to
> have cryptographically sound protection of your data using a key
> embedded in the software like that.
Right. I completely agree. The only way to implement such a mechanism in a
open source product is to keep the password away from the RDBMS host. See my
previous messages for a plausible scenario.
See you
-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it
