Re: Creditcard Number Security was Re: Encrypted column - Mailing list pgsql-general

From Andrew Sullivan
Subject Re: Creditcard Number Security was Re: Encrypted column
Date
Msg-id 20070605205121.GB6595@phlogiston.dyndns.org
In response to Creditcard Number Security was Re: Encrypted column  ("Peter Childs" <peterachilds@gmail.com>)
Responses Re: Creditcard Number Security was Re: Encrypted column  (Guy Fraser <guy@incentre.net>)
List pgsql-general
On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote:
> Unfortunately you still need to store them somewhere,  and all systems can
> be hacked.

Yes.  I agree, in principle, that "don't store them" is the best
advice -- this is standard _Translucent Databases_ advice, too.  For
the least-stealable data is the data you don't have.

But if there is a business case, you have to do the trade-off.  And
security is always a trade-off (to quote Schneier); just do it well.
(Someone else's advice about hiring a security expert to audit this
sort of design is really a good idea.)

A

--
Andrew Sullivan  | ajs@crankycanuck.ca
The plural of anecdote is not data.
        --Roger Brinner
