Re: Database Encryption (now required by law in Italy)

Поиск
Список
Период
Сортировка
От Silvana Di Martino
Тема Re: Database Encryption (now required by law in Italy)
Дата
Msg-id 200403052137.51384.silvanadimartino@tin.it
обсуждение исходный текст
Ответ на Re: Database Encryption (now required by law in Italy)  (Stephan Szabo <sszabo@megazone.bigpanda.com>)
Ответы Re: Database Encryption (now required by law in Italy)  (Stephan Szabo <sszabo@megazone.bigpanda.com>)
Список pgsql-admin
Alle 20:14, venerdì 5 marzo 2004, Stephan Szabo ha scritto:
> > Unfortunately, the new Italian law forces us to take seriously into
> > account this catastrophic scenario and another one that is almost as
> > worring: an unfaithful SysAdmin that copies your data and sells them to
> > KGB. So, database encryption (and not disk encryption) is the _only_
> > answer.
>
> But since your sysadmin (if not trusted) could go behind your back and
> replace the database, any applications that are using the data, etc, I'm
> not sure that's even sufficient.

Replacing the RDBMS engine and/or the "client" application, would be useless:
the "cracker" still need the password to access the encrypted data.

> > > Of course, this loopback encryption with a boot-time passphrase may
> > > fail if they take the rackmount UPS as *well*, and keep the machine
> > > powered at all times ;)
> >
> > The server should listen to the (encrypted/digitally signed) "Heartbeat"
> > of a password server through the net to prevent this kind of attack.
>
> That'll help prevent this sort of attack (although doesn't entirely unless
> you can guarantee that the password server cannot be taken at the same
> time) but also gives you a remote point of failure.

Right.

See you

-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it

В списке pgsql-admin по дате отправления:

Предыдущее
От: Silvana Di Martino
Дата:
Сообщение: Re: Database Encryption (now required by law in Italy)
Следующее
От: Stephan Szabo
Дата:
Сообщение: Re: Database Encryption (now required by law in Italy)