Hi Tim,
> On 23. Jul, 2020, at 07:34, Tim Cross <theophilusx@gmail.com> wrote:
>
> Yes, I think the IT heads issue is the primary driver - combined with
> very poor understanding of information security at senior levels and a
> huge growth of poor quality and 'snake oil salesmen' in the IT security space
> due to the amount of money ill informed senior managers are throwing at
> what they think is a technical problem which usually is in fact a
> business process problem.
and the best solution to that nonsense comes from the big red O. They use PKCS#12 wallets. Good, but as soon as you
needauto-open wallets, which you do for every automated job like backups, you put the key right next to it. So it's
likehaving a big safe in your house but the combination of the lock is written all over it. So much for security by
obscurity.
For PostgreSQL we use a umask of 077 in our profile. That's why I keep telling my IT head that this is enough and it
doesnot make sense to put the key next to the safe.
Cheers,
Paul
