Kris,
[Replying to list, too.]
On 7/16/10 10:14 AM, Kris Deugau wrote:
> Craig James wrote:
>> This isn't exactly a Postgres question, but I hope someone in the
>> community has solved it.
>>
>> I want to encrypt some data in Postgres that arrives from Apache. How
>> do you store an encryption key in such a way that Apache CGIs can get
>> it, but a hacker or rogue employee who manages to access the machine
>> can't find out the encryption key?
>
> Short answer: You don't.
>
> Longer answer: You can tie things up with public-key encryption so that
> a different system can retrieve the data, but the system that put it in
> can't because it only has the public (encryption) key, not the private
> (decryption) key.
>
> Even that isn't safe from a rogue employee - what if that rogue is your
> senior sysadmin with full root access on all your systems?
If we assume no escalation of privileges, that is, Apache stays apache and users can't escalate to root, what then?
This must be a solved problem. Credit-card numbers are required to be encrypted by law. It wouldn't make sense for
them to be encrypted but then find that the password is sitting around where anyone can find it. There must be any
number of Postgres users who store encrypted credit card numbers and other personal data. How do they solve this
problem?
Craig
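
The split Kris describes above, where the inserting system holds only the public key, sketched as a psql script using PostgreSQL's pgcrypto extension. This is an added example, not part of the original thread: the table, role and file names are assumptions, the card number is a constructed test value, and the OpenPGP key pair is assumed to have been generated with GnuPG on the separate decrypting system.

```sql
-- Added example (psql script). All object and file names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE payment_card (
    id          bigserial PRIMARY KEY,
    customer_id bigint  NOT NULL,
    pan_last4   char(4) NOT NULL,   -- kept in clear for display and lookup
    pan_enc     bytea   NOT NULL    -- OpenPGP message, public-key encrypted
);

-- The role used by the Apache CGIs can add rows but never read them back.
CREATE ROLE web_cgi LOGIN;
GRANT INSERT ON payment_card TO web_cgi;
GRANT USAGE ON SEQUENCE payment_card_id_seq TO web_cgi;

-- Web tier: only the armored PUBLIC key exists on this machine.
-- psql loads it into a variable here; an application would bind it
-- as a query parameter instead.
\set pubkey `cat /etc/app/card-public.asc`

INSERT INTO payment_card (customer_id, pan_last4, pan_enc)
VALUES (42,
        '1111',
        pgp_pub_encrypt('4111111111111111',      -- constructed test number
                        dearmor(:'pubkey')));

-- Decrypting system (a different host and a different database role):
-- fetch only the ciphertext and decrypt it locally with gpg, so the
-- private key is never sent to, or stored on, the database server.
SELECT id, customer_id, armor(pan_enc) AS pan_armored
FROM payment_card
WHERE customer_id = 42;
```

The plaintext still passes through the web tier and the database server at insert time, so statement logging on that path needs to be accounted for; the public-key split only limits what can be read back later from that side.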