Re: pgcrypto and database encryption
From | Silvana Di Martino |
---|---|
Subject | Re: pgcrypto and database encryption |
Date | |
Msg-id | 200403080946.48466.silvanadimartino@tin.it |
In response to | Re: pgcrypto and database encryption (matt@ymogen.net) |
List | pgsql-admin |
At 22:16, Sunday 7 March 2004, matt@ymogen.net wrote:
> The EU directive (and therefore the laws of individual countries) requires
> that if someone gets access to your *DATABASE* they cannot get personal
> details of individuals out of it. That is all. It is intended to protect
> people against the kind of idiotic organisations that put their customer
> lists in an Excel sheet on their extranet without a password.
>
> This thread has covered many interesting and diverting issues, but the
> fundamental issue of legal compliance is more than satisfied by:
> 1) Encrypting 'personal information' stored in a DB

Fine! Now tell me: how do you perform such encryption on PostgreSQL? Using pgcrypto and supplying your password from external (PHP, Python) code? Where do you store this password? In a config.php file? How many different encryption/decryption programs/implementations/logics are you willing to have on your "n" PostgreSQL servers? How do you maintain them (after the original programmers are gone)?

Using a few commercial RDBMS, it is just a matter of switching the encryption feature on and supplying the required password each time you start the RDBMS service up. Unfortunately, PostgreSQL does not supply us with such a comfortable feature. So, how many commercial licenses of your favorite commercial RDBMS are you willing (or can you afford) to buy to replace all your PostgreSQL servers? How much time (programmer's working hours, each at 50 Euro average cost) are you willing to invest in converting your PostgreSQL databases to SQL Server, for example?

I'm perfectly aware that the law is clear and simple. Nevertheless, its implementation isn't.

> 2) Keeping the keys on a different server than the DB

Fine. How and when do you supply the password to the encryption/decryption process? On demand? At postmaster init time? Using which channel/method? XML-RPC? SOAP? How do you protect them from a hacker's program that tries to impersonate the legitimate encrypting program and ask for it?

Once again, the Devil is in the details...

> 3) Making reasonable efforts [1] to keep those keys secret

> [1] As far as I can tell from discussions with the Data Protection
> Registrar, you do not have to protect them against someone rooting the app
> server (since that is essentially impossible without silly investments in
> specialised hardware or other excessive costs).

What does "reasonable" mean? We have already defined that we are not forced to replace the Police in fighting organized crime, but we still have to define a lot of details. For example: is 15.000 euro for a new database license and the porting of data a "silly investment" or a "reasonable investment"? Read the Italian law and you will be surprised by the answer.

Again, I'm sorry to bother you all with such details. Just give me a solution (that is: a PostgreSQL database encryption method I can actually use) and I will leave you alone.

See you.

-----------------------------------------
Alessandro Bottoni and Silvana Di Martino
alessandrobottoni@interfree.it
silvanadimartino@tin.it
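
The approach the message asks about (pgcrypto column encryption with the passphrase supplied by external code on each call), as an added example that is not part of the original message or thread. It assumes a PostgreSQL version that supports CREATE EXTENSION with the pgcrypto module installed; the table, column and statement names, the sample row and the passphrase are constructed.

```sql
-- Added example: names and values below are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customer (
    id        serial PRIMARY KEY,
    full_name bytea NOT NULL,  -- OpenPGP message produced by pgp_sym_encrypt
    tax_code  bytea NOT NULL
);

-- The passphrase ($3 / $2) is a statement parameter. It is not stored in the
-- database, in a function body, or in a view definition; the application
-- fetches it from wherever the keys are kept and passes it on each call.
PREPARE add_customer(text, text, text) AS
    INSERT INTO customer (full_name, tax_code)
    VALUES (pgp_sym_encrypt($1, $3, 'cipher-algo=aes256'),
            pgp_sym_encrypt($2, $3, 'cipher-algo=aes256'))
    RETURNING id;

PREPARE get_customer(integer, text) AS
    SELECT id,
           pgp_sym_decrypt(full_name, $2) AS full_name,
           pgp_sym_decrypt(tax_code,  $2) AS tax_code
    FROM customer
    WHERE id = $1;

-- Literals stand in here for values the client driver would bind.
EXECUTE add_customer('Mario Rossi', 'CONSTRUCTED-TAX-CODE', 'constructed-passphrase');
EXECUTE get_customer(1, 'constructed-passphrase');

-- What a copy of the table (dump, backup, stolen data files) contains:
-- only the armored OpenPGP messages, no readable personal data.
SELECT id, armor(full_name) AS stored_value FROM customer;

-- Decrypting with a different passphrase raises an error instead of
-- returning data:
--   EXECUTE get_customer(1, 'wrong-passphrase');

-- Caveats: the passphrase and the plaintext travel to the server in clear
-- text, so the client connection should use SSL; statement logging on the
-- server can record the passphrase; encrypted columns cannot be indexed or
-- searched by their plaintext value.
```

This addresses only the "someone gets a copy of the database" case from the quoted message; the server process still sees the passphrase while a statement runs, which is the key-distribution question the message raises under point 2.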