Thread: database file encryption
Hi all,
I have just discovered that in postgres database file the data are not encrypted. If I open with a text editor these files I can read the records values.
I'd like to know if there is a way in order to encrypt these data.
PS. for example in mysql the database file are not readable.
Thanks ad advance.
Stefano
On Fri, Aug 11, 2006 at 09:47:49AM +0200, Stefano B. wrote: > Hi all, > > I have just discovered that in postgres database file the data are > not encrypted. If I open with a text editor these files I can read > the records values. > > I'd like to know if there is a way in order to encrypt these data. Sure, run postgres over an encrypted filesystem. > PS. for example in mysql the database file are not readable. Odd, I just opened a random mysql file here in a text editor and I could read the strings just fine. Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.
Attachment
Martha Stewart called it a Good Thing when kleptog@svana.org (Martijn van Oosterhout) wrote: > On Fri, Aug 11, 2006 at 09:47:49AM +0200, Stefano B. wrote: >> Hi all, >> >> I have just discovered that in postgres database file the data are >> not encrypted. If I open with a text editor these files I can read >> the records values. >> >> I'd like to know if there is a way in order to encrypt these data. > > Sure, run postgres over an encrypted filesystem. Actually, that may not work the way you think it does... As long as the encrypted filesystem is mounted, you can access the unencrypted data >> PS. for example in mysql the database file are not readable. > > Odd, I just opened a random mysql file here in a text editor and I > could read the strings just fine. The method that consistently works is to encrypt the data before putting it in the database so that the DBMS is unaware of what the plaintext form is... -- output = reverse("moc.liamg" "@" "enworbbc") http://linuxdatabases.info/info/slony.html "Linux: the operating system with a CLUE... Command Line User Environment". (seen in a posting in comp.software.testing)
On Fri, Aug 11, 2006 at 08:52:32AM -0400, Christopher Browne wrote: > >> I'd like to know if there is a way in order to encrypt these data. > > > > Sure, run postgres over an encrypted filesystem. > > Actually, that may not work the way you think it does... > > As long as the encrypted filesystem is mounted, you can access the > unencrypted data Sure. However, it was only asked if the data could be encrypted. My point was that the OP needs to decide what the actual problem is and then they can evaluate what are acceptable solutions. Asking about encrypted files first is putting the cart before the horse. > The method that consistently works is to encrypt the data before > putting it in the database so that the DBMS is unaware of what the > plaintext form is... Sure, but now you've thought about the attack vectors and what's important... Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.
Attachment
kleptog@svana.org (Martijn van Oosterhout) writes: > On Fri, Aug 11, 2006 at 08:52:32AM -0400, Christopher Browne wrote: >> >> I'd like to know if there is a way in order to encrypt these data. >> > >> > Sure, run postgres over an encrypted filesystem. >> >> Actually, that may not work the way you think it does... >> >> As long as the encrypted filesystem is mounted, you can access the >> unencrypted data > > Sure. However, it was only asked if the data could be encrypted. My > point was that the OP needs to decide what the actual problem is and > then they can evaluate what are acceptable solutions. > > Asking about encrypted files first is putting the cart before the > horse. > >> The method that consistently works is to encrypt the data before >> putting it in the database so that the DBMS is unaware of what the >> plaintext form is... > > Sure, but now you've thought about the attack vectors and what's > important... Indeed. In effect, that means that the important question wasn't asked, namely "What kind or kinds of attacks do we wish to protect against?" > Have a nice day, Trying... -- "cbbrowne","@","acm.org" http://www3.sympatico.ca/cbbrowne/spreadsheets.html Coming Soon to a Mainframe Near You! MICROS~1 Windows NT 6.0, complete with VISUAL JCL...