On Fri, Mar 05, 2004 at 08:53:04AM -0500, Mitch Pirtle wrote:
> I understand (and demand) requiring SSL connections for database
> clients, and MD5 hashing of passwords before storing in the database,
> but implementing two-way encryption of database data just doesn't make
> sense to me.

It all comes down to what you're trying to protect your data *from*.

If you're trying to protect it from people sniffing network traffic between clients and the server, then SSL is sensible.

If you're trying to protect against somebody reading passwords out of a database and using them to impersonate other users, use MD5 (or SHA) hashing.

If you're trying to protect against somebody taking down your server room door with a sledgehammer, lifting your server out of the rack, driving it away and booting off an alternative medium to avoid needing to know your root password, then a loopback encrypted partition (or data encrypted in GPG where the decryption key is not stored on the database server) is a sensible precaution.

I expect that for most database users, it comes down to meeting the standards defined by law rather than realistic expectations of an attack - I expect that most of the situations we attempt to prevent are unlikely in the extreme, but we have various contractual and legal obligations which mean we have to defend against them anyway.

Of course, this loopback encryption with a boot-time passphrase may fail if they take the rackmount UPS as *well*, and keep the machine powered at all times ;)

Alex
--
Mail: Alex Page <[EMAIL PROTECTED]>
Real: Systems/Network Assistant, Epidemiology Unit, Oxford
Tel: 01865 302 223 (external) / 223 (internal)
PGP: 8868 21D7 3D35 DD77 9D06 BF0A 0746 2DE6 55EA 367E