Ok people thank you for your answers.
Timothy Madden
On Wed, Apr 7, 2010 at 3:25 PM, Michael Gould
<mgould@intermodalsoftwaresolutions.net> wrote:
> Timothy,
>
> I've worked with SQL Anywhere which does have database encryption. There
> are pluses to having a encrypted db, but it did slow down the processing.
> They also had the ability to encrypt stored procedures and triggers. That
> didn't' seem to really slow down the system.
>
> That being said, the encryption will keep the normal user out of the system,
> but those aren't the people you need to worry about. The people you need to
> worry about are the real hackers and they will be able to get around this
> type of encryption. I'd like to see something to protect stored procedures
> and triggers but overall I agree that a encrypted drive is probably the best
> thing and require ssl connections.
>
> Best Regards
>
> Michael Gould
>
>
>
> "Timothy Madden" <terminatorul@gmail.com> wrote:
>> Andreas 'ads' Scherbaum <adsmail@wars-nicht.de> wrote:
>>
>>> If someone captures the machine the bad guy can install a network
>>> sniffer and steal the database passwords upon connect.
>>
>> I think protecting against a keylogger is a different issue than
>> database encryption. Is this why database encryption is "not needed"
>> for PostgreSQL, as people here say ?
>>
>>
>>>> With an encrypted database, you need the password anytime you connect,
>>>> even if another application already has an open connection.
>>>
>>> See above, this doesn't help.
>>>
>>> If someone get's root access to your machine, nothing (no filesystem
>>> and no database encryption) is goint to help you here.
>>
>>
>> I would have to disagree with you here. The whole point of encryption
>> is that you need the key in order to get your data back.
>>
>>
>> Timothy Madden
>>
>> --
>> Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
>> To make changes to your subscription:
>> http://www.postgresql.org/mailpref/pgsql-admin
>>
>
>
>
