Re: Database level encryption

Andreas 'ads' Scherbaum <adsmail@wars-nicht.de> wrote:

> If someone captures the machine the bad guy can install a network
> sniffer and steal the database passwords upon connect.

I think protecting against a keylogger is a different issue than
database encryption. Is this why database encryption is "not needed"
for PostgreSQL, as people here say ?


>> With an encrypted database, you need the password anytime you connect,
>> even if another application already has an open connection.
>
> See above, this doesn't help.
>
> If someone get's root access to your machine, nothing (no filesystem
> and no database encryption) is goint to help you here.


I would have to disagree with you here. The whole point of encryption
is that you need the key in order to get your data back.


Timothy Madden