Juergen Sauer wrote:
	(-> Supports the database 64bit encryption??)
Why do you want to encrypt your data? This
doesn't make sense in an RDBMS ....
Excuse me, I don't think this is right.

There are plenty of reasons to do encryption on DB base level:
- securing information, to be sure, only the authorized
user may retrieve it without giving up all other features.
You do that by not granting that user access to the data.


- securing the connection to the database via TLS/SSL
NO! That is just plain WRONG; it is not the DBMS's job to encrypt data, that is the job of the OS or a dedicated utility. On unix (and on windows too afair) you can do ad-hoc encrypted tunnels with ssh; permanent tunnels can be set up with ipsec.


- creating ACL listings for vserver, (Good, Bad, Attack detections)
What? That's what a firewall is for (unless I misunderstand you).


- securing the data also in 'datasaves'. Now the data is in
"Clear Text" in the dumpfiles.
NO! If an attacker has access to your backups or your filesystem you have already lost and it doesn't make any sense to try to protect yourself at that point.

So: Have proper physical security around your machines.


create table secret_data
(
	id int default serial,
	name varchar(60) name encrypted trusted by 'user|resource|usergroup',
	...
)
Do that in your application. I personally wouldn't trust the DBMS to encrypt data, as it would be traveling in cleartext all the way from the client to the server and it could be stored in insecure memory at several points on the way.


To realize we may use the 'gpg' Sources as libraries. GPG is GPL/LGPL
as SapDB.
Why?
What problem would that solve?

Think about it:
1) Your Database server runs on a machine that is in a physically secure
room.
2) The box is secured on the OS level, so only administrators have shell
access.
3) The only access to the database is via encrypted channels (ssh
tunnel) or via an otherwise secured application (like a webapp over
https).
4) You set up your schema so users only have rights to the data they
need to access.

You don't need to bloat the DBMS with encryption, because you get exactly the same advantages by taking the normal security precautions that you would take for any sensitive application via the normal tools.

--
Regards Flemming Frandsen - http://dion.swamp.dk
PartyTicket.Net co founder & Yet Another Perl Hacker

_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
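
Point 4 of the reply above, sketched as an added example that is not part of the original thread or of SapDB's documentation. It uses generic standard SQL privileges; the `owner` column, the view name and the users `clerk_app` and `records_admin` are hypothetical, and the exact syntax may need adjusting for a given DBMS.

```sql
-- Added example; all names below are hypothetical.
-- Base table holding the sensitive column from the thread's secret_data sketch.
CREATE TABLE secret_data (
    id    INTEGER     NOT NULL PRIMARY KEY,
    name  VARCHAR(60) NOT NULL,
    owner VARCHAR(32) NOT NULL   -- database user the row belongs to (assumption)
);

-- Start from "no access": nobody but the table owner can read the base table.
REVOKE ALL PRIVILEGES ON secret_data FROM PUBLIC;

-- Row-restricted view: a connected user sees only rows recorded under
-- their own database user name.
CREATE VIEW my_secret_data AS
    SELECT id, name
    FROM   secret_data
    WHERE  owner = CURRENT_USER;

-- The application account reads through the view only, never the base table.
GRANT SELECT ON my_secret_data TO clerk_app;

-- A separate maintenance account gets write access to the base table;
-- it is not granted DELETE or the right to pass privileges on.
GRANT SELECT, INSERT, UPDATE ON secret_data TO records_admin;
```

These grants restrict access only for sessions that go through the DBMS; they do not change what is written to dump files, which is the point the thread disputes.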