On Mon, Aug 22, 2011 at 3:40 AM, Condor <condor@stz-bg.com> wrote:
> Hello ppl,
> any one can tell me how I can secure linux server with database postgres for
> example ?
> Im thinking to make a cryptfs file system and to deploy database over the
> cryptfs. The problem
> here may will be when front end need any data for in/out cpus of the server
> will aways
> decrypt/encrypt data and performance will be very low.
>
> I remember a few months ago some one ask similar question about how he can
> crypt data that is
> stored on database and problem was the key. Key is stored on the same server
> if some one
> get access can decrypt data.
>
> Any one have some ideas how to make something like crypt bubble and to store
> database there ?
> Or something else ?
Worrying about security without defining and understanding the threats
you face is a pointless exercise. If you are worried about physical
loss of the drive, a better defense is to encrypt/decrypt sensitive
data on the client so that the server is not exposed to the key.
Obviously, this has downsides like not being able to index or ad hoc
search the data in question. So, who are you worried about -- what
are the threats?
merlin