On Wed, February 20, 2008 11:50 pm, Tyrion wrote: > Paul G. Allen wrote: >> Tyrion wrote: >>> >>> You are correct, if you have an encrypted drive, you have to use the >>> passphrase to mount it, therefore, it is safe if "taken as evidence" >>> However, if it's online and the system is hacked, the encrypted >>> filesystem won't help much because it's already mounted. >>> >>> As to your original question, could you encrypt the data before storing >>> it in the database? That would solve any issues involved with multiple >>> databases and outside encryption. >>> >> >> You'd really want to encrypt it before putting it into the database. >> External encryption (not using the built-in database encryption) is >> going to allow much stronger encryption that what the DB engine can >> provide. >> >> In the scenario described - wanting to protect data even when the >> database engine itself can be used to retrieve it - I would have the >> application provide the encryption. The user of the application would >> have to provide the passphrase and possibly the private key in order >> to decrypt the data. >> > I think we were saying the same thing, but you said it way better than I > did :-) > >> (Aside: after using postgres for a little while now, I still prefer >> MySQL.) >> >> PGA > > Amen to that. I've looked at postgres every once in a while, but the > MySQL interface is just a lot nicer in my opinion. > > Tyrion >
I'm so glad you've both found happiness ;-) <dontcha love topic drift?> -- Lan Barnes SCM Analyst Linux Guy Tcl/Tk Enthusiast Biodiesel Brewer -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
