Re: Database level encryption - Mailing list pgsql-admin

From Andreas 'ads' Scherbaum
Subject Re: Database level encryption
Date
Msg-id 20100406145938.5037011e@platin.wars-nicht.de
Whole thread Raw
In response to Re: Database level encryption  (Timothy Madden <terminatorul@gmail.com>)
List pgsql-admin
On Tue, 6 Apr 2010 12:45:52 +0300 Timothy Madden wrote:

> The machine is a mini-laptop running almost all day time (actually
> there are many of them) and if the machine is captured it is likely to
> be captured while running. With an encrypted file system if the
> machine is already booted you already have access to the file system
> and can simply copy it and even place back the machine without anyone
> notice anything.

If someone captures the machine the bad guy can install a network
sniffer and steal the database passwords upon connect.



> With an encrypted database, you need the password anytime you connect,
> even if another application already has an open connection.

See above, this doesn't help.

If someone get's root access to your machine, nothing (no filesystem
and no database encryption) is goint to help you here.



Bye

--
                Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors
Volunteer Regional Contact, Germany - PostgreSQL Project

pgsql-admin by date:

Previous
From: Renato Oliveira
Date:
Subject: Re: List of postgreSQL databases
Next
From: "Kevin Grittner"
Date:
Subject: Re: Database level encryption