Home > mailing lists

Re: Looking for advice on database encryption - Mailing list pgsql-general

From	Bill Moran
Subject	Re: Looking for advice on database encryption
Date	April 16, 2009 20:20:37
Msg-id	20090416162025.6c5e346d.wmoran@potentialtech.com Whole thread Raw
In response to	Re: Looking for advice on database encryption (Thomas Kellerer <spam_eater@gmx.net>)
Responses	Re: Looking for advice on database encryption ("Tim Bruce - Postgres" <postgres@tbruce.com>) Re: Looking for advice on database encryption (Thomas Kellerer <spam_eater@gmx.net>) Re: Looking for advice on database encryption ("Will Rutherdale (rutherw)" <rutherw@cisco.com>)
List	pgsql-general

Tree view

In response to Thomas Kellerer <spam_eater@gmx.net>:

> Bill Moran wrote on 16.04.2009 21:40:
> > The goal here is that if we're going to encrypt the data, it should
> > be encrypted in such a way that if an attacker gets ahold of a dump
> > of the database, they still can't access the data without the
> > passphrases of the individuals who entered the data.
>
> I'm by far not an expert, but my naive attempt would be to store the the
> database files in an encrypted filesystem.

That was the first suggestion when we started brainstorming ideas.
Unfortunately, it fails to protect us from the most likely attack
vector: SQL Injection/application layer bugs.  In an SQL Injection
(for example) the fact that the filesystem is encrypted does zero
to protect the sensitive data.

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

pgsql-general by date:

From: John R Pierce
Date: 16 April 2009, 20:03:33
Subject: Re: Looking for advice on database encryption

From: Kenneth Tilton
Date: 16 April 2009, 20:37:35
Subject: string filtering in postgres?

Re: Looking for advice on database encryption - Mailing list pgsql-general

Previous

Next