In response to Thomas Kellerer <spam_ea...@gmx.net>: > Bill Moran wrote on 16.04.2009 21:40: > > The goal here is that if we're going to encrypt the data, it should > > be encrypted in such a way that if an attacker gets ahold of a dump > > of the database, they still can't access the data without the > > passphrases of the individuals who entered the data. > > I'm by far not an expert, but my naive attempt would be to store the the > database files in an encrypted filesystem.
That was the first suggestion when we started brainstorming ideas. Unfortunately, it fails to protect us from the most likely attack vector: SQL Injection/application layer bugs. In an SQL Injection (for example) the fact that the filesystem is encrypted does zero to protect the sensitive data. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/ -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
