Tyrion wrote:
You are correct: if you have an encrypted drive, you have to use the passphrase to mount it; therefore, it is safe if "taken as evidence". However, if it's online and the system is hacked, the encrypted filesystem won't help much because it's already mounted. As to your original question, could you encrypt the data before storing it in the database? That would solve any issues involved with multiple databases and outside encryption.
You'd really want to encrypt it before putting it into the database. External encryption (not using the built-in database encryption) is going to allow much stronger encryption than what the DB engine can provide.
In the scenario described - wanting to protect data even when the database engine itself can be used to retrieve it - I would have the application provide the encryption. The user of the application would have to provide the passphrase and possibly the private key in order to decrypt the data.
(Aside: after using postgres for a little while now, I still prefer MySQL.)

PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting Services
www.randomlogic.com

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
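Added example, not part of the original post: a sketch of the application-side approach described above, where the application derives a key from the user's passphrase and encrypts each value before it reaches the database. It assumes Python with the third-party `cryptography` package and an in-memory SQLite table; the table, column and function names are hypothetical, the scrypt parameters are illustrative, and the optional private key mentioned in the post is not covered.

```python
import hashlib
import os
import sqlite3

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes offline passphrase guessing expensive (illustrative parameters).
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def open_db() -> sqlite3.Connection:
    # Hypothetical schema: the database only ever holds salt, nonce and ciphertext.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, salt BLOB, nonce BLOB, ct BLOB)")
    return db


def store(db: sqlite3.Connection, passphrase: str, plaintext: str) -> int:
    # Fresh salt and nonce per row; AES-256-GCM also authenticates the ciphertext.
    salt, nonce = os.urandom(16), os.urandom(12)
    ct = AESGCM(derive_key(passphrase, salt)).encrypt(nonce, plaintext.encode(), None)
    cur = db.execute("INSERT INTO notes (salt, nonce, ct) VALUES (?, ?, ?)", (salt, nonce, ct))
    return cur.lastrowid


def load(db: sqlite3.Connection, passphrase: str, row_id: int):
    salt, nonce, ct = db.execute(
        "SELECT salt, nonce, ct FROM notes WHERE id = ?", (row_id,)
    ).fetchone()
    try:
        return AESGCM(derive_key(passphrase, salt)).decrypt(nonce, ct, None).decode()
    except InvalidTag:
        # Wrong passphrase or tampered row: nothing is returned.
        return None


if __name__ == "__main__":
    db = open_db()
    rid = store(db, "constructed sample passphrase", "constructed secret value")
    print("raw column:", db.execute("SELECT ct FROM notes").fetchone()[0].hex())
    print("right passphrase:", load(db, "constructed sample passphrase", rid))
    print("wrong passphrase:", load(db, "guess", rid))
```

Anyone who can query the table, including through the database engine on a mounted and running system, sees only the salt, nonce and ciphertext; the key exists only while the application holds the user's passphrase.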
