On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 20:14, venerd� 5 marzo 2004, Stephan Szabo ha scritto:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worring: an unfaithful SysAdmin that copies your data and sells them to
> > > KGB. So, database encryption (and not disk encryption) is the _only_
> > > answer.
> >
> > But since your sysadmin (if not trusted) could go behind your back and
> > replace the database, any applications that are using the data, etc, I'm
> > not sure that's even sufficient.
>
> Replacing the RDBMS engine and/or the "client" application, would be useless:
> the "cracker" still need the password to access the encrypted data.
Only for data that's already there though, right? What about any
additions (and possibly changes) made after that point?