Fwd: Data Packaging/Data Unpacking - Mailing list pgsql-general
| From | oleg yusim |
|---|---|
| Subject | Fwd: Data Packaging/Data Unpacking |
| Date | |
| Msg-id | CAKd4e_Ffx6ncLOdmCc8namA9+ds6TL-GU-H9c+6n34MZRbTu+w@mail.gmail.com Whole thread Raw |
| In response to | Data Packaging/Data Unpacking (oleg yusim <olegyusim@gmail.com>) |
| List | pgsql-general |
Appologies, for posting it again, but I didn't get any responses so far. Looks like I posted it too late in the evening and it went not noticed.
Oleg
---------- Forwarded message ----------
From: oleg yusim <olegyusim@gmail.com>
Date: Tue, Jan 12, 2016 at 10:00 PM
Subject: Data Packaging/Data Unpacking
To: PostgreSQL General <pgsql-general@postgresql.org>
From: oleg yusim <olegyusim@gmail.com>
Date: Tue, Jan 12, 2016 at 10:00 PM
Subject: Data Packaging/Data Unpacking
To: PostgreSQL General <pgsql-general@postgresql.org>
Greetings,
I have matching couple of security requirements, speaking about preserving data confidentiality and integrity in PostgreSQL DB during packaging for transmission / unpacking from transmission.
Important: let's assume data at rest is encrypted using EFS and data at transit is encrypted using ciphers, provided by OpenSSL.
So, with that in mind, please, help me to understand movement and location of the data between the moment when it is pulled from file system and encrypted as network package going through the SSL tunnel.
And reversing it - between the moment network package arrived through the SSL tunnel is decrypted and the moment its content is placed into the file system.
For those interested, here are requirements themselves, quoted:
1) The DBMS must maintain the confidentiality and integrity of information during preparation for transmission.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.
Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
When transmitting data, the DBMS, associated applications, and infrastructure must leverage transmission protection mechanisms.
2) The DBMS must maintain the confidentiality and integrity of information during reception.
Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.
This requirement applies only to those applications that are either distributed or can allow access to data non-locally. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
When receiving data, the DBMS, associated applications, and infrastructure must leverage protection mechanisms.
Thanks,
Oleg
pgsql-general by date: