Security Basics mailing list archives
Re: security against dba´s
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 13 Feb 2009 00:24:20 +0100
On 2009-02-12 rohnskii () gmail com wrote:
> Yes, I agree with the others that sensitive data should be encrypted in the DB.

I don't. Encryption is not really suitable to protect data on a live system. At least not as long as you store the key on the same system. If anything, I'd place the tablespaces containing sensitive data on encrypted partitions or disks, but I fail to see what good encryption in the database would do.

> But generally the idea behind that type of encryption (I think) is that data at rest (sitting on the Hard drive) in the DB should be unreadable to "the bad guys". But the DB would have the key and decrypt it when an authorized person (presumably our DBA in this example) reads it.

If the database has the key, the bad guys may get hold of it as well, which would render the encryption useless.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq