On 28-Jan-08, at 9:46 AM, Andreas Tille wrote:
> These are different layers. I was talking about encryption of the
> hard disk. Once it is mounted everything is transparent for
> postgresql.
> It just helps, if somebody pulls out the power cable, that you can be
> quite sure he is unable to access your data.
Encryption of the whole hard disk is simple, it is just extremely
limiting because it requires that a suitable person must be
physically present to input the key from the console any time that
the system is rebooted. This would mean that
- if the server is in your office / praxis, the reboot can only be
done while there is someone in the office who can input the key from
the console... this means that if the computer should reboot in the
evening or on the weekend when the doctors may be on call from home
(e.g. rebooting after a power brownout) the server will remain
offline until the needed person(s) can be available to physically
come/go into the office
- the server would also be unable to be kept headless, so you are now
talking about having to keep a monitor and keyboard attached along with
the ability for someone to interact directly in the physical space,
which closets sometimes poorly allow :-)
... this is why previous discussion suggested that for a production
server that would run in a medical praxis, the boot volume with the
OS could be unencrypted (this would permit tech support to access the
machine for system maintenance and would permit ssh remote login) so
that the IT support people (if trusted with the data partition key)
or one of the doctors or administrators can remotely supply the key
to mount the data partitions. In one other variation described by
Tim Churches, the data partition mount key could be kept on USB
sticks and these could be kept under special on-site lockup.
_______________________________________________
Gnumed-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnumed-devel
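The split layout described in the message above (unencrypted OS volume, LUKS-encrypted data partition unlocked later over ssh by a person holding the passphrase) as an added example; this is not code from the thread or from the GNUmed project. The device name /dev/sdb1, the mapper name pgdata, the mount point /var/lib/postgresql and the use of Debian-style /etc/crypttab are assumptions. The check function catches the configuration mistake that defeats the whole design: a crypttab entry without the noauto option makes the boot sequence stop and wait for a passphrase at the console, which is exactly the unattended-reboot problem the message describes.

```sh
#!/bin/sh
# Added example: unencrypted boot volume plus a LUKS data partition for
# PostgreSQL that is opened remotely after boot. All names below are assumed.
DATA_DEV="${DATA_DEV:-/dev/sdb1}"
MAPPER_NAME="${MAPPER_NAME:-pgdata}"
MOUNT_POINT="${MOUNT_POINT:-/var/lib/postgresql}"

# Read crypttab lines from stdin; return 0 only if every entry carries the
# "noauto" option, so the machine can reboot headless and unattended. An entry
# without it would make the boot scripts prompt for a passphrase at the console.
crypttab_allows_unattended_boot() {
    while read -r name device keyfile options; do
        case "$name" in ''|\#*) continue ;; esac      # skip blanks and comments
        case ",$options," in
            *,noauto,*) ;;                            # opened manually later: fine
            *) echo "crypttab entry '$name' lacks noauto; boot would wait for a passphrase" >&2
               return 1 ;;
        esac
    done
    return 0
}

# Run over ssh by someone who holds the passphrase. cryptsetup reads it from
# the terminal, so no key material is stored on the server. Any failure undoes
# the partial step and returns non-zero.
unlock_data_partition() {
    if [ -e "/dev/mapper/$MAPPER_NAME" ]; then
        echo "$MAPPER_NAME is already unlocked" >&2
        return 0
    fi
    cryptsetup luksOpen "$DATA_DEV" "$MAPPER_NAME" || return 1
    if ! mount "/dev/mapper/$MAPPER_NAME" "$MOUNT_POINT"; then
        cryptsetup luksClose "$MAPPER_NAME"
        return 1
    fi
    service postgresql start
}

# Reverse the above before a planned shutdown so the data is locked again.
lock_data_partition() {
    service postgresql stop
    umount "$MOUNT_POINT" || return 1
    cryptsetup luksClose "$MAPPER_NAME"
}

# Command dispatch; does nothing when the file is only sourced for its functions.
if [ $# -gt 0 ]; then
    case "$1" in
        check)  crypttab_allows_unattended_boot < /etc/crypttab ;;
        unlock) unlock_data_partition ;;
        lock)   lock_data_partition ;;
        *)      echo "usage: $0 check|unlock|lock" >&2; exit 2 ;;
    esac
fi
```

A matching crypttab line for this layout would be `pgdata /dev/sdb1 none luks,noauto`, with the corresponding fstab entry also marked `noauto`; `unlock` is then the one command the doctor or administrator runs after an ssh login following a reboot.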