patternsqlMinor
Secure postgresql database encryption
Viewed 0 times
postgresqlencryptiondatabasesecure
Problem
According to this answer, it's not possible to have a fully secure database encryption with pgcrypto.
Now, 2 years later (in postgresql 9.3) is there any new extension or new method to have a secure database encryption, or doing this on the application server is still the only way to be sure that someone with database access cannot decrypt the data?
Now, 2 years later (in postgresql 9.3) is there any new extension or new method to have a secure database encryption, or doing this on the application server is still the only way to be sure that someone with database access cannot decrypt the data?
Solution
There have been no significant enhancements in pgcrypto, and there's no functionality to allow functions to be marked sensitive such that queries that use them don't get logged. That'd fill one security hole and create another anyway.
So long as you don't actually store the key in the DB, you're not inherently giving the DB the ability to decrypt the data. You're just increasing the risk of key exposure through logs, network protocol captures (if not SSL),
See also:
So long as you don't actually store the key in the DB, you're not inherently giving the DB the ability to decrypt the data. You're just increasing the risk of key exposure through logs, network protocol captures (if not SSL),
pg_stat_activity, etc. If you trust both the DB server and app server, this may not actually matter as much. Nonetheless, I still think it's better that the DB never see the decryption keys at all.See also:
- https://stackoverflow.com/q/12614523/398670
- https://stackoverflow.com/q/21095026/398670
- https://stackoverflow.com/q/8054503/398670
- https://stackoverflow.com/q/12329652/398670
- https://stackoverflow.com/q/12329652/398670
Context
StackExchange Database Administrators Q#59942, answer score: 4
Revisions (0)
No revisions yet.