Re: Database Encryption (now required by law in Italy) - Mailing list pgsql-admin

From Radu-Adrian Popescu
Subject Re: Database Encryption (now required by law in Italy)
Date
Msg-id 40484403.70001@aldratech.com
Whole thread Raw
In response to Database Encryption (now required by law in Italy)  (Silvana Di Martino <silvanadimartino@tin.it>)
Responses Re: Database Encryption (now required by law in Italy)
Re: Database Encryption (now required by law in Italy)
List pgsql-admin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Silvana Di Martino wrote:

| The new italian law about personal data protection (aka "privacy")
| requires the use of cryptography _both_ for protecting the network
| traffic _and_ for protecting the (personal) data stored on the hard
| disk.
|
| While I can see how to protect a PGSQL connection using SSH
| tunneling or a VPN, I cannot see any way to encrypt a PGSQL
| database stored on a hard disk, put aside the possibility to
| encrypt the hosting file system with LoopAES.
|
| Is there any (native/third party) tool for encrypting a PGSQL
| database on the disk? Is there any PGSQL option for encrypting data
| on the fly?
|
| Many thanks in advance for your attention.
|
| NOTE: the italian law on privacy ("Decreto Legge 196/03", Dicembre
| 2003) is available on the net:
|
| http://www.garanteprivacy.it http://www.interlex.it
|
| Of course, just in italian...
| ----------------------------------------- Alessandro Bottoni and
| Silvana Di Martino alessandrobottoni@interfree.it
| silvanadimartino@tin.it
|
| ---------------------------(end of
| broadcast)--------------------------- TIP 7: don't forget to
| increase your free space map settings
|
|
Are you sure you need to encrypt the _database_ ? It seems strange to
require encryption
of all the data, as you would get using LoopAES. I think you only need
to decide (and probably
the privacy protection law stipulates this) what data you need to
encrypt and store that data
encrypted in the database; such as customer's names, addresses, social
data, payment data
and so on. On the other hand, I think you should be doing this anyway.
I know we are :-)

Regards,

- --
Radu-Adrian Popescu
CSA, DBA, Developer
Aldratech Ltd.
+40213212243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFASEQCVZmwYru5w6ERAqrSAJ0b2LPIe2TznFS4f4l9iYC3nMA9VgCgiKDs
MMFfrReUhbvI5xXfG+Ha1PE=
=X1ZW
-----END PGP SIGNATURE-----



pgsql-admin by date:

Previous
From: Silvana Di Martino
Date:
Subject: Database Encryption (now required by law in Italy)
Next
From: Dave Ewart
Date:
Subject: Re: Database Encryption (now required by law in Italy)