Re: Article on DB encryption
| От | Silvana Di Martino |
|---|---|
| Тема | Re: Article on DB encryption |
| Дата | |
| Msg-id | 200403082225.12888.silvanadimartino@tin.it обсуждение исходный текст |
| Ответ на | Re: Article on DB encryption (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Список | pgsql-admin |
Alle 19:19, lunedì 8 marzo 2004, Bruce Momjian ha scritto: > The user could decrypt it and store it in a temporary table, and join to > that table in queries, and pass that decrypted password column to > pg_crypto functions, but do we guarantee that that temp table would not > be on the disk if the server crashes and is then stolen? Seems > server-side variables would be a natural, secure use for this that temp > tables don't supply. I agree. This "Global Server Password" should not be stored into a database, not even into a temporary table (because of virtual memory). It should be stored in memory as a server-wide variable. We just need a way to pass it to the server at start-up, using a command line parameter, or even to the running server, using a TCP/IP socket or something like that. Most likely, this second form would better fit the needs of a server. See you PS: Bruce, it's a real pleasure to meet you on the web. Your book on PostgreSQL is one of the most "chewed" of my collection. ----------------------------------------- Alessandro Bottoni and Silvana Di Martino alessandrobottoni@interfree.it silvanadimartino@tin.it
В списке pgsql-admin по дате отправления: