Postgres Pro
Downloads
Home   >   mailing lists

Re: Re: Encrypting database? - Mailing list pgsql-general

From Justin Clift
Subject Re: Re: Encrypting database?
Date
Msg-id 3B4BD8AE.152BE7F9@postgresql.org
Whole thread Raw
In response to Re: Encrypting database?  (Allan Engelhardt <allane@cybaea.com>)
List pgsql-general
Tree view 
Hi,

One solution which can be used in linux is to have your PostgreSQL data
stored in an encrypted partition.  That way if people rip off your hard
drive, without the passphrase they don't really have any good way of
getting your data.

http://www.kerneli.org

:-)

Regards and best wishes,

Justin Clift

Allan Engelhardt wrote:
>
> Michael,
>
> On the break-in scenario:
>
> Doing this at the database level would not be productive.  This should be done at the driver hardware level
(preferred)or at the very least at the operating system level. 
>
> See the "Loopback Encrypted Filesystem HOWTO" at http://encryptionhowto.sourceforge.net/ for one way you can achieve
thisin Linux. 
>
> On the row level scenario:
>
> You would probably want to encrypt at the client level for this.  The client knows the user, and hence can get the
rightpassword, and you don't really want paintext over TCP/IP: better to send the encrypted data to the client. 
>
> There are plenty of encryption algorithms out there with libraries to help you.  I like Blowfish
(http://www.counterpane.com/blowfish.html),but whatever you choose: THERE IS MORE TO SECURITY THAN CHOOSING AN
ENCRYPTIONALGORITHM.  You have to look at the WHOLE system. 
>
> Allan.
>
> Michal Prinke wrote:
>
> > Hello,
> >
> > Suppose I have some very important data stored in my PostgreSQL 7.1.2
> > database. One day, someone breaks into my office and takes my hard disk away.
> > The question is: are the data encrypted? Will the hacker be able to read
> > anything without the administrator password, just by - for instance - browsing
> > the filesystem or reading disk sectors?
> >
> > Going beyond the first problem... let's say I store some personal data in a
> > table named CLIENTS. Are there any database-level mechanisms that support
> > encrypting table rows independently? I mean in that way that even the DB
> > administrator won't see the original data; yes, he would be able to modify it,
> > even to erase it, but - as far as he does not have a specific user's password
> > - he won't be able to see his data. ...?
> >
> > Of course, I can encrypt rows from the outside (e.g. in some PHP script), but
> > I would love to have some database-level solution, preferably in PostgreSQL.
> > Is there any?
> >
> > --- Thanks for any help!
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org

pgsql-general by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Embedded sql PREPARE statement
Next
From: Tom Lane
Date:
Subject: Re: View prevents index