Re: Looking for advice on database encryption - Mailing list pgsql-general

From Thomas Kellerer
Subject Re: Looking for advice on database encryption
Date
Msg-id gs871s$l4a$1@ger.gmane.org
Whole thread Raw
In response to Re: Looking for advice on database encryption  (Bill Moran <wmoran@potentialtech.com>)
Responses Re: Looking for advice on database encryption
List pgsql-general
Bill Moran wrote on 16.04.2009 23:06:
>> which only talks about someone getting hold of the contents of the server's
>> harddisk.
>
> Not really.  You're making an assumption that a pg_dump can only be
> run on the server itself.

Right, I forgot that.

But then it's similar to the situation where the user displays the data and
walks away with the screenshot...

If you have an application server sitting in the middle you can limit
connections to the database to the app server itself. Or even put the appserver
on the same box as the database server and limit connections only to localhost.
In that case the attacker needs to be able to log-in to the server directly.


> and I apologize for being too vague the first go-round.

No problem. This happens to me all the time. Once a discussion starts about a
topic I find myself wondering how I could forget all the details that I'm being
asked about ;)


Thomas

pgsql-general by date:

Previous
From: Bill Moran
Date:
Subject: Re: Looking for advice on database encryption
Next
From: "Will Rutherdale (rutherw)"
Date:
Subject: Re: Looking for advice on database encryption