Alle 15:11, venerd́ 5 marzo 2004, Alex Page ha scritto: > If you're trying to protect against somebody taking down your server > room door with a sledgehammer, lifting your server out of the rack, > driving it away and booting off an alternative medium to avoid needing > to know your root password, then a loopback encrypted partition (or data > encrypted in GPG where the decryption key is not stored on the database > server) is a sensible precaution.
Unfortunately, the new Italian law forces us to take seriously into account this catastrophic scenario and another one that is almost as worring: an unfaithful SysAdmin that copies your data and sells them to KGB. So, database encryption (and not disk encryption) is the _only_ answer. > - I expect that most of the situations we attempt to prevent are > unlikely in the extreme, but we have various contractual and legal > obligations which mean we have to defend against them anyway. This is the point. > Of course, this loopback encryption with a boot-time passphrase may fail > if they take the rackmount UPS as *well*, and keep the machine powered > at all times ;) The server should listen to the (encrypted/digitally signed) "Heartbeat" of a password server through the net to prevent this kind of attack. See you ----------------------------------------- Alessandro Bottoni and Silvana Di Martino [EMAIL PROTECTED] [EMAIL PROTECTED] ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
