Paul G. Allen wrote:
> Tyrion wrote:
>>
>> You are correct, if you have an encrypted drive, you have to use the
>> passphrase to mount it, therefore, it is safe if "taken as evidence".
>> However, if it's online and the system is hacked, the encrypted
>> filesystem won't help much because it's already mounted.
>>
>> As to your original question, could you encrypt the data before storing
>> it in the database? That would solve any issues involved with multiple
>> databases and outside encryption.
>>
>
> You'd really want to encrypt it before putting it into the database.
> External encryption (not using the built-in database encryption) is
> going to allow much stronger encryption than what the DB engine can
> provide.
>
> In the scenario described - wanting to protect data even when the
> database engine itself can be used to retrieve it - I would have the
> application provide the encryption. The user of the application would
> have to provide the passphrase and possibly the private key in order
> to decrypt the data.
>

I think we were saying the same thing, but you said it way better than I did :-)

> (Aside: after using postgres for a little while now, I still prefer
> MySQL.)
>
> PGA

Amen to that. I've looked at postgres every once in a while, but the MySQL interface is just a lot nicer in my opinion.

Tyrion

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
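
An added example, not part of the thread, of the application-side encryption discussed above: the key is derived from the user's passphrase and only ciphertext reaches the database, so a query against the live engine returns nothing readable. The in-memory array standing in for a table, the function names, and the choice of scrypt with AES-256-GCM are assumptions; the private-key variant mentioned in the thread is not shown.

```javascript
// Added example: all names are hypothetical; the array stands in for a database table.
const crypto = require("node:crypto");

const table = []; // the "database": it only ever stores the columns pushed below

// Derive a 256-bit key from the user's passphrase; the per-row salt is stored with the row.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt in the application, then insert only salt, nonce, tag and ciphertext.
function storeSecret(id, plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // must be unique per encryption under GCM
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  cipher.setAAD(Buffer.from(String(id))); // bind the ciphertext to its row id
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  table.push({ id, salt, nonce, tag: cipher.getAuthTag(), ct });
}

// What anyone with database access (an admin, or an intruder on the live host) gets back.
function selectRow(id) {
  return table.find((row) => row.id === id);
}

// Decrypt in the application; null on a wrong passphrase or a tampered or relocated row.
function readSecret(id, passphrase) {
  const row = selectRow(id);
  if (!row) return null;
  const key = deriveKey(passphrase, row.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, row.nonce);
  decipher.setAAD(Buffer.from(String(id)));
  decipher.setAuthTag(row.tag);
  try {
    return Buffer.concat([decipher.update(row.ct), decipher.final()]).toString("utf8");
  } catch {
    return null; // GCM authentication failed
  }
}

// Constructed sample record and passphrase.
storeSecret(1, "constructed sample: account 000-000", "correct horse battery staple");
```

The passphrase is never stored, so the row is unreadable both on a seized disk and through the mounted, running database.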
