Re: Encryption.
| От | Peter Galbavy |
|---|---|
| Тема | Re: Encryption. |
| Дата | |
| Msg-id | 008a01c0c267$fbe542e0$6601a8c0@knowledge.com обсуждение исходный текст |
| Ответ на | Re: Encryption. (Grant <grant@conprojan.com.au>) |
| Список | pgsql-admin |
> I just want to encrypt the database to stop others looking at it as it > will probably be hosted in an environment that I don't have full control > over. Though, if it is encrypted, the scripts to decrypt it will also be > on the same system to display information from the database to the > webpage, so I guess there's no point unless I output all the encrypted > data through a compiled binary file that will decrypt it, but that's just > a pain and requires a bit of overhead. Oh well screw that idea. One solution may be to use an encrypted file system which would require a passphrase at mount time. You could build your system such that it come up into a networked state, running ssh etc. but without the database live. You then log in remotely and securely (the whole point of ssh - as long as the server key is not compromised ...) and manually mount the file system and start the DB. As your server should not be going down that often, this should be an acceptable part of the maintenance process. There is the problem of physical access and trust WRT the ssh server keys... similar problem but maybe less critical. Peter
В списке pgsql-admin по дате отправления: