Re: Database level encryption - Mailing list pgsql-admin

From Timothy Madden
Subject Re: Database level encryption
Date
Msg-id o2m5078d8af1004070952t7b9e77d1y18ced49e847f9f03@mail.gmail.com
Whole thread Raw
In response to Re: Database level encryption  (Michael Gould <mgould@intermodalsoftwaresolutions.net>)
List pgsql-admin
Ok people thank you for your answers.

Timothy Madden



On Wed, Apr 7, 2010 at 3:25 PM, Michael Gould
<mgould@intermodalsoftwaresolutions.net> wrote:
> Timothy,
>
> I've worked with SQL Anywhere which does have database encryption.  There
> are pluses to having a encrypted db, but it did slow down the processing.
> They also had the ability to encrypt stored procedures and triggers.  That
> didn't' seem to really slow down the system.
>
> That being said, the encryption will keep the normal user out of the system,
> but those aren't the people you need to worry about. The people you need to
> worry about are the real hackers and they will be able to get around this
> type of encryption.  I'd like to see something to protect stored procedures
> and triggers but overall I agree that a encrypted drive is probably the best
> thing and require ssl connections.
>
> Best Regards
>
> Michael Gould
>
>
>
> "Timothy Madden" <terminatorul@gmail.com> wrote:
>> Andreas 'ads' Scherbaum <adsmail@wars-nicht.de> wrote:
>>
>>> If someone captures the machine the bad guy can install a network
>>> sniffer and steal the database passwords upon connect.
>>
>> I think protecting against a keylogger is a different issue than
>> database encryption. Is this why database encryption is "not needed"
>> for PostgreSQL, as people here say ?
>>
>>
>>>> With an encrypted database, you need the password anytime you connect,
>>>> even if another application already has an open connection.
>>>
>>> See above, this doesn't help.
>>>
>>> If someone get's root access to your machine, nothing (no filesystem
>>> and no database encryption) is goint to help you here.
>>
>>
>> I would have to disagree with you here. The whole point of encryption
>> is that you need the key in order to get your data back.
>>
>>
>> Timothy Madden
>>
>> --
>> Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgsql-admin
>>
>
>
>

pgsql-admin by date:

Previous
From: Bob Lunney
Date:
Subject: Re: Handling of images via Postgressql
Next
From: Greg Smith
Date:
Subject: Re: turn pitr 'on' on PostgreSQL 8.2 - pg_standby