Stuart Gundry wrote:
> I am setting up a postgres database on a standalone system with a randomized
> text password. However, the db will contain very sensitive data and my boss
> is worried about the possibility of someone being able to crack the db data
> if they stole the machine. Can anyone point me to information about how
> securely the data is stored? Or is my only option to hash all my data?
The best you can do IMHO is keep all of your database on an encrypted
partition (think dm-crypt ir truecrypt). Other than that, if someone
steals your box, you're cooked.
If you're not willing to pay the overhead of having everything
encrypted, I think you could set up a tablespace on an encrypted
partition and have only the tables with sensitive data on it (and WAL logs).
Cheers,
Jan
--
Jan Urbanski
GPG key ID: E583D7D2
ouden estin
