On Monday 08 May 2017 18:29:35 Antonis Christofides wrote:
> Assume Django is running as user 'django' and the db is "db.sqlite3".
>
> If you "chown django db.sqlite3" and "chmod 600 db.sqlite3", only user
> django can access it.
>
> What would you gain by encrypting it?
Three things:

1) If the file gets deleted, Django does not recreate it with that mode. Solvable by using a dedicated directory instead of the above.

2) root can't do anything with it, nor can daemons that are compromised before switching to the unprivileged user.

3) Additional layer in case martians invade earth and other things that should not happen. Not uncommon in high-security environments to defend against the unknown. See for example the requirements FIPS-140[1] places on access to cryptographic keys, even though we all put them in a directory mode 500 owned by root.

But I feel we're going off-topic now.

--
Melvyn Sopacua

[1] https://en.wikipedia.org/wiki/FIPS_140-2#Level_1
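Point 1 of the reply, shown as an added example (not code from the thread or from Django): with the `sqlite3` module standing in for Django's SQLite backend, a database file recreated after deletion gets a umask-derived mode instead of the 600 that was set on it, whereas a dedicated directory at mode 700 keeps protecting whatever is recreated inside it. The file names, the umask value and the `demo` helper are constructed for the illustration.

```python
import os
import sqlite3
import stat
import tempfile


def file_mode(path: str) -> int:
    """Return only the permission bits of a path (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def recreate_db(path: str) -> None:
    """Stand-in for the app opening its database: sqlite3 creates the file
    if it is missing, with a mode derived from the process umask."""
    conn = sqlite3.connect(path)
    try:
        conn.execute("CREATE TABLE IF NOT EXISTS t (id INTEGER PRIMARY KEY)")
        conn.commit()
    finally:
        conn.close()


def demo(umask: int = 0o022) -> dict:
    """Compare both layouts under the given umask and return observed modes."""
    old_umask = os.umask(umask)  # constructed: a typical default umask
    try:
        with tempfile.TemporaryDirectory() as tmp:
            # Layout A: file sits in a shared directory, chmod 600 on the file.
            db_a = os.path.join(tmp, "db.sqlite3")
            recreate_db(db_a)
            os.chmod(db_a, 0o600)
            before = file_mode(db_a)
            os.remove(db_a)  # e.g. an operator deletes it to reset the app
            recreate_db(db_a)  # recreated with umask-derived mode, not 600
            after = file_mode(db_a)

            # Layout B: dedicated directory, chmod 700 on the directory.
            priv_dir = os.path.join(tmp, "dbdir")
            os.mkdir(priv_dir, 0o700)
            os.chmod(priv_dir, 0o700)  # mkdir's mode is also subject to umask
            db_b = os.path.join(priv_dir, "db.sqlite3")
            recreate_db(db_b)
            os.remove(db_b)
            recreate_db(db_b)  # file mode may be 644 again, but the directory
            dir_mode = file_mode(priv_dir)  # denies traversal to everyone else
            return {"file_before": before, "file_after": after,
                    "dir_mode": dir_mode,
                    "others_can_traverse_dir": bool(dir_mode & 0o011)}
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```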