Re: vulnerability/SSL

From Changyu Dong
Subject Re: vulnerability/SSL
Msg-id 20050609123937.97588.qmail@web52503.mail.yahoo.com
In reply to Re: vulnerability/SSL  ("Magnus Hagander" <mha@sollentuna.net>)
List pgsql-general
Hi Magnus,
You are right. My description is based on Windows 2000,
which is the weakest one.
Having the recovery key only available off-line is a
good practice. And if you don't want a recovery agent,
backing up the user's private key is also appropriate. It
can be done without effort. You don't need an army or
something like that :)

cheers,
Changyu

--- Magnus Hagander <mha@sollentuna.net> wrote:

>
> > The EFS encryption as you described it adds nothing but a
> > false sense of security (and the ability to use some more
> > buzzwords). The level of protection is just the same as that of a
> > Unix file with the right permissions.
> > The key point here is that both the 'postgres' user and
> > 'administrator'
> > have _transparent_ access to the file contents. No password required.
>
> While most of what you wrote is definitely correct, you missed a few
> things about EFS.
>
> 1) Administrator does not necessarily have *transparent* access. It's
> only the user's access that is transparent.
>
> 2) It is quite possible to remove the administrator recovery key. This
> can be used to protect *against* administrators reading the file. You do
> *not* need to have *any* recovery key.
>
> 2b) It's even so that in Windows XP (and I think 2003), if it is *not* a
> member of a domain, there *is* no default recovery key. In a domain,
> it's the domain admin's key, or whatever is configured in your domain
> policy. In 2000, it's the local admin that first logs on to the box.
>
> 3) The recommended practice is to have the recovery key only available
> off-line, locked into a separate building with half an army defending
> it. Or something like that. At least put it in a smartcard that nobody
> can access without going through lots and lots of safe checks on who
> they are.
>
> So it does offer a bit of extra security. "Just" to protect the key used
> to set up the SSL sessions, I'm not sure it's worth it. Because again,
> if they hack your admin account, they can get to your files *without*
> going through getting into the SSL stream.
>
>
> //Magnus

