Hello,
I'd like to know which solutions exist encrypt postgresql database ?
Did you already use an encryption method ?
I saw on the web that there is a contrib (pgcypto) but I can't estimate
its efficiency
Olivier
begin:vcard
fn:Olivier Boissard
n:Boissard;Olivier
org:Cerene Services
adr:;;3
I'm interested in using a passwords table with my Access front end, but
need to encrypt the passwords over the network. Can anyone help me get
started on this kind of project?
---(end of broadcast)---
TIP 7: don't forget to increase your free space
On Wed, Feb 07, 2007 at 11:23:03AM +0100, Olivier Boissard wrote:
> I saw on the web that there is a contrib (pgcypto) but I can't estimate
> its efficiency
Well, it works for some people. What are you trying to accomplish
with "database encryption"?
A
--
Andrew Sullivan | [EMAIL PROTECTED]
Andrew Sullivan a écrit :
On Wed, Feb 07, 2007 at 11:23:03AM +0100, Olivier Boissard wrote:
I saw on the web that there is a contrib (pgcypto) but I can't estimate
its efficiency
Well, it works for some people. What are you trying to accomplish
with "database encryption"?
A
I wo
On Thu, Feb 08, 2007 at 09:13:48AM +0100, Olivier Boissard wrote:
> I was thinking about a system in which only the php programs will be
> able to manage stored informations. In case of theft or unexpected
> access to servers nobody could be able to retrieve the stored data
> without the author
Michael Fuhr wrote:
> On Thu, Feb 08, 2007 at 09:13:48AM +0100, Olivier Boissard wrote:
> > I was thinking about a system in which only the php programs will be
> > able to manage stored informations. In case of theft or unexpected
> > access to servers nobody could be able to retrieve the store
Bruce Momjian a écrit :
Michael Fuhr wrote:
On Thu, Feb 08, 2007 at 09:13:48AM +0100, Olivier Boissard wrote:
I was thinking about a system in which only the php programs will be
able to manage stored informations. In case of theft or unexpected
access to servers nobody could be able
On Fri, Feb 09, 2007 at 09:03:20 +0100,
Olivier Boissard <[EMAIL PROTECTED]> wrote:
> Thanks for responses.
> I expose the context of my question :
>
> I need to install a server for a specific web application written in PHP.
> This one works by making queries to a postgresql database. The datab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 17 June 2003 11:18, JR Richards wrote:
> I'm interested in using a passwords table with my Access front end, but
> need to encrypt the passwords over the network. Can anyone help me get
> started on this kind of project?
>
Isn't ODBC what
On Tue, Jun 17, 2003 at 11:18:57AM -0700, JR Richards wrote:
> I'm interested in using a passwords table with my Access front end, but
> need to encrypt the passwords over the network. Can anyone help me get
> started on this kind of project?
I would think that you could use ssh or stunnel to sec
The new italian law about personal data protection (aka "privacy") requires
the use of cryptography _both_ for protecting the network traffic _and_ for
protecting the (personal) data stored on the hard disk.
While I can see how to protect a PGSQL connection using SSH tunneling or a
VPN, I cann
* Silvana Di Martino <[EMAIL PROTECTED]> wrote:
> We just think it is easier and safer to encrypt the whole database, or even
> the whole disk, than try to understand what the law actually means.
BTW politicians should have to be enforced to tell people what their
laws really mean. Representan
Enrico Weigelt wrote:
> * Silvana Di Martino <[EMAIL PROTECTED]> wrote:
>
>
>
>>We just think it is easier and safer to encrypt the whole database, or even
>>the whole disk, than try to understand what the law actually means.
>
>
> BTW politicians should have to be enforced to tell people wha
Ryan J. Cavicchioni wrote:
> Enrico Weigelt wrote:
> > * Silvana Di Martino <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >>We just think it is easier and safer to encrypt the whole database, or even
> >>the whole disk, than try to understand what the law actually means.
> >
> >
> > BTW politician
pgman@candle.pha.pa.us (Bruce Momjian) writes:
I owe you a patch on runtime.sgml for the summary I did on "Use of
Encryption."
I just sent it...
--
(format nil "[EMAIL PROTECTED]" "cbbrowne" "acm.org")
http://www.ntlug.org/~cbbrowne/sap.html
Rules of the Evil Overlord #78. "I will not tell my L
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Silvana Di Martino wrote:
| The new italian law about personal data protection (aka "privacy")
| requires the use of cryptography _both_ for protecting the network
| traffic _and_ for protecting the (personal) data stored on the hard
| disk.
|
| While
oose term: it can be all or nearly
nothing.
Brgds, Laimis
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Silvana Di Martino
> Sent: 5. mars 2004 09:54
> To: [EMAIL PROTECTED]
> Subject: [ADMIN] Database Encryption (now
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday, 05.03.2004 at 11:10 +0200, Radu-Adrian Popescu wrote:
> | While I can see how to protect a PGSQL connection using SSH
> | tunneling or a VPN, I cannot see any way to encrypt a PGSQL
> | database stored on a hard disk, put aside the possibil
On Friday, 05.03.2004 at 09:21 +, [EMAIL PROTECTED] wrote:
> Is it enough to encrypt some table fields only, i.e. "personnal data"
> personal(social security) number, name-surname and birth data - if one
> can not easily tell whom the data(e.g. bank account) belongs to then
> it may be quite e
> What's wrong with using a LoopAES filesystem? It protects against
> someone walking off with the server, or at least the hard disk, and
> being able to see the data.
Yes, but only if the password has to entered manually [1] at boot time.
And it gives zero protection against someone who gains ro
Alle 09:20, venerdì 5 marzo 2004, Dave Ewart ha scritto:
> What's wrong with using a LoopAES filesystem? It protects against
> someone walking off with the server, or at least the hard disk, and
> being able to see the data.
Nothing! I just wonder if there is any other tool, more specific to
Pos
Alle 09:10, venerdì 5 marzo 2004, Radu-Adrian Popescu ha scritto:
> Are you sure you need to encrypt the _database_ ? It seems strange to
> require encryption
> of all the data, as you would get using LoopAES. I think you only need
> to decide (and probably
> the privacy protection law stipulates t
On Friday, 05.03.2004 at 11:17 +, Matt Clark wrote:
> > What's wrong with using a LoopAES filesystem? It protects against
> > someone walking off with the server, or at least the hard disk, and
> > being able to see the data.
>
> Yes, but only if the password has to entered manually [1] at b
On Friday, 05.03.2004 at 12:51 +, Silvana Di Martino wrote:
> Alle 09:51, venerdì 5 marzo 2004, Dave Ewart ha scritto:
> > I guess there may similar legislation in Italy and elsewhere.
>
> Actually, the Italian law is an implementation of a EU directive
> strictly inspired to the existing UK
On Friday, 05.03.2004 at 12:52 +, Silvana Di Martino wrote:
> Deciding which data are relevant is not easy. The law stipulates that all of
> the "personal data" have to be encrypted and that "personal data" are the
> data that allow a "spy" to infer any of the following information about a
...and on Fri, Mar 05, 2004 at 12:08:02PM +, Dave Ewart used the keyboard:
> >
> > [1] There are ways of avoiding having to enter the info manually, but
> > they're very tricky to implement securely.
>
> Not sure I follow this - there's no point AT ALL in using LoopAES if you
> can mount the e
Dave Ewart wrote:
If you find any 'automated' front-end to do this at the database-level,
rather than something like loopback at the filesystem level or at the
field level for specific fields, I think there would be a lot of
interest.
But that is the problem, isn't it? Any 'automated'
encryption
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday, 05.03.2004 at 14:47 +0100, Grega Bremec wrote:
> > > [1] There are ways of avoiding having to enter the info manually,
> > > but they're very tricky to implement securely.
> >
> > Not sure I follow this - there's no point AT ALL in using L
And how does one account for key information? If one encrypts any information
deemed worthy to be a key then you have to decrypt the entire database to find
particular information.
Of course, you could keep keys unencrypted for use, but then again, why encrypt
it at all?
Quoting Mitch Pirtl
Alex Page wrote:
It all comes down to what you're trying to protect your data *from*. If
you're trying to protect it from people sniffing network traffic between
clients and the server, then SSL is sensible. If you're trying to
protect against somebody reading passwords out of a database and using
On Fri, Mar 05, 2004 at 08:53:04AM -0500, Mitch Pirtle wrote:
> I understand (and demand) requiring SSL connections for database
> clients, and MD5 hashing of passwords before storing in the database,
> but implementing two-way encryption of database data just doesn't make
> sense to me.
It al
Quoting Mitch Pirtle <[EMAIL PROTECTED]>:
> Matt Davies wrote:
>
> > And how does one account for key information? If one encrypts any
> information
> > deemed worthy to be a key then you have to decrypt the entire database to
> find
> > particular information.
> >
> >
> > Of course, you coul
Matt Davies wrote:
And how does one account for key information? If one encrypts any information
deemed worthy to be a key then you have to decrypt the entire database to find
particular information.
Of course, you could keep keys unencrypted for use, but then again, why encrypt
it at all?
My q
On Fri, Mar 05, 2004 at 07:43:10 -0700,
Matt Davies <[EMAIL PROTECTED]> wrote:
> And how does one account for key information? If one encrypts any information
> deemed worthy to be a key then you have to decrypt the entire database to find
> particular information.
It depends on what kinds of
On Fri, Mar 05, 2004 at 10:31:41 -0500,
Mitch Pirtle <[EMAIL PROTECTED]> wrote:
>
> 1) I've never seen a quad-xeon live on a UPS for more than 90 seconds
A UPS isn't supposed to do that. Its purpose to is to allow for a clean
shutdown or time to switch to an alternate power source. You need a b
On Fri, Mar 05, 2004 at 10:00:23 -0500,
Mitch Pirtle <[EMAIL PROTECTED]> wrote:
>
> Second, hard-disk encryption will only come into play if someone stole
> the hardware, right? And even then, as long as the thing boots, then
> they would have access! That is, unless we went back to the
> h
On Friday 05 March 2004 10:31, Mitch Pirtle wrote:
[snip]
> 1) I've never seen a quad-xeon live on a UPS for more than 90 seconds
I had mine (Acer Altos G900) running for more than 10 minutes the other day,
until I decied the outage would take a little longer than usual and shut
everything dow
On Fri, Mar 05, 2004 at 12:52:05PM +, Silvana Di Martino wrote:
> At the moment, our data are on a server protected by a firewall and accessible
> just by authorized people. This was clearly declared as being "sufficient" by
> the italian law until December 2003. The new law, instead, clear
Alle 11:30, venerdì 5 marzo 2004, Radu-Adrian Popescu ha scritto:
> We're basically doing it this way: generate a pair of private/public
> keys and save these.
> Then we get sensitive data in from some outside source, use it in the
> processing part,
> then we encrypt it using the public key (obvio
Alle 15:11, venerdì 5 marzo 2004, Alex Page ha scritto:
> If you're trying to protect against somebody taking down your server
> room door with a sledgehammer, lifting your server out of the rack,
> driving it away and booting off an alternative medium to avoid needing
> to know your root password,
Alle 13:53, venerdì 5 marzo 2004, Mitch Pirtle ha scritto:
> The same logic applies to encrypting the data in the database -
> somewhere on your server the application has to know how to decrypt it,
> and that means anyone that gains access to your server will have that
> ability also...
That's tr
Alle 12:12, venerdì 5 marzo 2004, Dave Ewart ha scritto:
> If you find any 'automated' front-end to do this at the database-level,
> rather than something like loopback at the filesystem level or at the
> field level for specific fields, I think there would be a lot of
> interest.
As I told in ano
Alle 11:17, venerdì 5 marzo 2004, Matt Clark ha scritto:
> Yes, but only if the password has to entered manually [1] at boot time.
> And it gives zero protection against someone who gains root access to the
> server.
This is a problem for italian users because the italian law clearly states
that
Alle 15:00, venerdì 5 marzo 2004, Mitch Pirtle ha scritto:
> My question is much more basic than that: Why encrypt anything beyond
> passwords? If you secure the accounts on the machine, and encrypt all
> network traffic to the machine (ssh, scp, ssl) then what additional
> security can you add?
On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 15:11, venerdì 5 marzo 2004, Alex Page ha scritto:
> > If you're trying to protect against somebody taking down your server
> > room door with a sledgehammer, lifting your server out of the rack,
> > driving it away and booting off an alternativ
Alle 13:53, venerdì 5 marzo 2004, Mark Gibson ha scritto:
> Silvana Di Martino wrote:
> >Is there any (native/third party) tool for encrypting a PGSQL database on
> > the disk? Is there any PGSQL option for encrypting data on the fly?
>
> Have a look in contrib/pgcrypto.
> Although I haven't actual
On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 15:11, venerdì 5 marzo 2004, Alex Page ha scritto:
> > If you're trying to protect against somebody taking down your server
> > room door with a sledgehammer, lifting your server out of the rack,
> > driving it away and booting off an alternativ
Alle 19:26, venerdì 5 marzo 2004, Hans Spaans ha scritto:
> I'm just wondering, does that law applies on all databases or just on
> new databases. In the Netherlands laws about privacy only apply on new
> databases and for old databases the law of that time-frame only
> applies. I must note that th
Alle 19:38, venerdì 5 marzo 2004, scott.marlowe ha scritto:
> > Unfortunately, the new Italian law forces us to take seriously into
> > account this catastrophic scenario and another one that is almost as
> > worring: an unfaithful SysAdmin that copies your data and sells them to
> > KGB. So, datab
Alle 20:14, venerdì 5 marzo 2004, Stephan Szabo ha scritto:
> > Unfortunately, the new Italian law forces us to take seriously into
> > account this catastrophic scenario and another one that is almost as
> > worring: an unfaithful SysAdmin that copies your data and sells them to
> > KGB. So, datab
On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 20:14, venerdì 5 marzo 2004, Stephan Szabo ha scritto:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worring: an unfaithful SysAdmin tha
On Fri, 5 Mar 2004, Silvana Di Martino wrote:
> Alle 19:38, venerdì 5 marzo 2004, scott.marlowe ha scritto:
> > > Unfortunately, the new Italian law forces us to take seriously into
> > > account this catastrophic scenario and another one that is almost as
> > > worring: an unfaithful SysAdmin tha
On Fri, Mar 05, 2004 at 20:12:37 +,
Silvana Di Martino <[EMAIL PROTECTED]> wrote:
>
> BTW: if you have a USA-based company and collect info regarding Italian
> people, you have to comply with this absurd Italian law. Funny, isn't it?
Only if you are going to come within reach of Italian LE
> BTW: if you have a USA-based company and collect info regarding Italian
> people, you have to comply with this absurd Italian law. Funny, isn't it?
No, we don't. We're not bound by Italian law, only US law.
Michael
--
Michael Darrin Chaney
[EMAIL PROTECTED]
http://www.michaelchaney.com/
---
Alle 20:34, venerdì 5 marzo 2004, scott.marlowe ha scritto:
> Sorry, but that's the wrong answer. Once someone has root on a unix box
> her can do ANYTHING he wants. and he can cover his tracks. If the
> encryption takes place on his box, he can attach to the process doing the
> encryption and /
Alle 23:23, venerdì 5 marzo 2004, Michael Chaney ha scritto:
> > BTW: if you have a USA-based company and collect info regarding Italian
> > people, you have to comply with this absurd Italian law. Funny, isn't it?
>
> No, we don't. We're not bound by Italian law, only US law.
Unfortunately, that
Alle 21:29, venerdì 5 marzo 2004, Bruno Wolff III ha scritto:
> On Fri, Mar 05, 2004 at 20:12:37 +,
>
> Silvana Di Martino <[EMAIL PROTECTED]> wrote:
> > BTW: if you have a USA-based company and collect info regarding Italian
> > people, you have to comply with this absurd Italian law. Funny,
On March 6, 2004 03:59, Silvana Di Martino wrote:
>
> Both USA and UE companies have to comply with WTO rules. There are
> international agreements between USA and EU regarding online commerce and
> these agreements states that a company in EU cannot violate the law on
> commerce of USA if it oper
Alle 13:55, sabato 6 marzo 2004, Lamar Owen ha scritto:
> On Friday 05 March 2004 03:34 pm, scott.marlowe wrote:
> > Sorry, but that's the wrong answer. Once someone has root on a unix box
> > her can do ANYTHING he wants. and he can cover his tracks.
>
> This is what things like the capabilities
Alle 17:24, sabato 6 marzo 2004, Gorshkov ha scritto:
> When you connect to amazon.com from italy, my understanding is that you're
> (legally) conducting business in the USA, because that's where the
> transaction actually takes place - that's where the servers are.
Well, there are two different
Silvana Di Martino wrote:
> Actually, the Italian law is an implementation of a EU directive
> strictly inspired to the existing UK law. It will affect all EU in a
> few years.
Perhaps, given the potential commercial necessities of this for larger
organisations, find out what Oracle and IBM propos
Alle 09:32, lunedì 8 marzo 2004, Peter Galbavy ha scritto:
> Perhaps, given the potential commercial necessities of this for larger
> organisations, find out what Oracle and IBM propose doing or have
> implemented ?
I do not know of IBM.
Oracle has a system similar to pgcrypto but more sophistica
Silvana Di Martino wrote:
> Oracle has a system similar to pgcrypto but more sophisticated. I do
> not know if it can use encrypted indexes, encrypted dates and
> encrypted times (it is likely but I did not tried, yet). It stores
> its "global encryption password" into a system table in encrypted
>
> BTW: It looks like I'm the only one here facing this problem. That's
> surprising, given the number of countries that have a law
> like the italian
> one and the wide diffusion of PostgreSQL.
This is normal because the task to encrypt database is usually done at
hardware/OS level. In general t
Alle 12:30, lunedì 8 marzo 2004, Peter Galbavy ha scritto:
> Silvana Di Martino wrote:
> > Oracle has a system similar to pgcrypto but more sophisticated. I do
> > not know if it can use encrypted indexes, encrypted dates and
> > encrypted times (it is likely but I did not tried, yet). It stores
>
Alle 17:29, lunedì 8 marzo 2004, Joe Conway ha scritto:
> Silvana Di Martino wrote:
> > Oracle has a built-in feature for encrypting/decrypting this password's
> > password.
>
> Right, and this master password is only protected because Oracle is
> closed source. It is not possible to do the same th
Hi.
That is an article on www.linuxuser.co.uk , issue 34 entitled "A Guide
to filesystem encryption"
that may do what you want to do.
It uses a method called "Loop-AES" http://loop-aes.sourceforge.net .
Hope it works for you
Sergio
Silvana Di Martino wrote:
The new italian law about personal dat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Clark wrote:
|>What's wrong with using a LoopAES filesystem? It protects against
|>someone walking off with the server, or at least the hard disk, and
|>being able to see the data.
|
|
|Yes, but only if the password has to entered manually [1] at
Alle 09:51, venerdì 5 marzo 2004, Dave Ewart ha scritto:
> I guess there may similar legislation in Italy and elsewhere.
Actually, the Italian law is an implementation of a EU directive strictly
inspired to the existing UK law. It will affect all EU in a few years.
See you
-
69 matches
Mail list logo
