Re: Looking for advice on database encryption
From | Bill Moran |
---|---|
Subject | Re: Looking for advice on database encryption |
Date | |
Msg-id | 20090416162025.6c5e346d.wmoran@potentialtech.com |
In response to | Re: Looking for advice on database encryption (Thomas Kellerer <spam_eater@gmx.net>) |
Responses |
Re: Looking for advice on database encryption
Re: Looking for advice on database encryption Re: Looking for advice on database encryption |
List | pgsql-general |
In response to Thomas Kellerer <spam_eater@gmx.net>:

> Bill Moran wrote on 16.04.2009 21:40:
> > The goal here is that if we're going to encrypt the data, it should
> > be encrypted in such a way that if an attacker gets ahold of a dump
> > of the database, they still can't access the data without the
> > passphrases of the individuals who entered the data.
>
> I'm by far not an expert, but my naive attempt would be to store the
> database files in an encrypted filesystem.

That was the first suggestion when we started brainstorming ideas.
Unfortunately, it fails to protect us from the most likely attack vector:
SQL Injection/application layer bugs. In an SQL Injection (for example)
the fact that the filesystem is encrypted does zero to protect the
sensitive data.

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
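One way to get the property described in the message above (a dump, or a query that bypasses the application, yields nothing readable without the submitter's passphrase) is column-level encryption with the pgcrypto extension. This is an added example, not part of the original post; the table, column names, sample rows and passphrases are constructed for illustration, and `CREATE EXTENSION` assumes a PostgreSQL release that supports it.

```sql
-- Added example: hypothetical schema, constructed sample data.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient_note (
    id       serial PRIMARY KEY,
    owner    text  NOT NULL,
    body_enc bytea NOT NULL   -- OpenPGP symmetric ciphertext, never plaintext
);

-- Write path: the application supplies the user's passphrase as a bind
-- parameter. It is never stored in the database or in application config.
PREPARE add_note(text, text, text) AS
    INSERT INTO patient_note (owner, body_enc)
    VALUES ($1, pgp_sym_encrypt($2, $3));

EXECUTE add_note('alice',
                 'constructed sample: lab result positive',
                 'alice-passphrase-constructed');

-- What pg_dump, a stolen backup, or any query that does not know the
-- passphrase gets back: ciphertext only. Filesystem encryption would have
-- returned the plaintext here, because the server decrypts it transparently.
SELECT id, owner, encode(body_enc, 'base64') AS stored_value
FROM patient_note;

-- Read path: decryption succeeds only with the passphrase the owner typed.
PREPARE read_note(text, text) AS
    SELECT id, pgp_sym_decrypt(body_enc, $2) AS body
    FROM patient_note
    WHERE owner = $1;

EXECUTE read_note('alice', 'alice-passphrase-constructed');

-- A wrong passphrase raises an error instead of returning plaintext:
-- EXECUTE read_note('alice', 'guess');

-- Caveat: pgcrypto runs inside the server, so the passphrase and the
-- plaintext cross the client connection and exist in server memory for the
-- duration of the call. Use TLS for the connection and keep statement
-- parameters out of the server logs.
```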