<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
>Encryption Options</TITLE
TITLE="PostgreSQL 9.1beta1 Documentation"
CONTENT="2011-04-27T21:20:33"></HEAD
>Chapter 17. Server Setup and Operation</TD
NAME="ENCRYPTION-OPTIONS"
>17.8. Encryption Options</A
> offers encryption at several
levels, and provides flexibility in protecting data from disclosure
due to database server theft, unscrupulous administrators, and
insecure networks. Encryption might also be required to secure
sensitive data such as medical records or financial transactions.
>Password Storage Encryption</DT
> By default, database user passwords are stored as MD5 hashes, so
the administrator cannot determine the actual password assigned
to the user. If MD5 encryption is used for client authentication,
the unencrypted password is never even temporarily present on the
server because the client MD5-encrypts it before being sent
>Encryption For Specific Columns</DT
> module allows certain fields to be
This is useful if only some of the data is sensitive.
The client supplies the decryption key and the data is decrypted
on the server and then sent to the client.
> The decrypted data and the decryption key are present on the
server for a brief time while it is being decrypted and
communicated between the client and server. This presents a brief
moment where the data and keys can be intercepted by someone with
complete access to the database server, such as the system
>Data Partition Encryption</DT
> On Linux, encryption can be layered on top of a file system
>"loopback device"</SPAN
>. This allows an entire
file system partition to be encrypted on disk, and decrypted by the
operating system. On FreeBSD, the equivalent facility is called
GEOM Based Disk Encryption (<ACRONYM
other operating systems support this functionality, including Windows.
> This mechanism prevents unencrypted data from being read from the
drives if the drives or the entire computer is stolen. This does
not protect against attacks while the file system is mounted,
because when mounted, the operating system provides an unencrypted
view of the data. However, to mount the file system, you need some
way for the encryption key to be passed to the operating system,
and sometimes the key is stored somewhere on the host that mounts
>Encrypting Passwords Across A Network</DT
> authentication method double-encrypts the
password on the client before sending it to the server. It first
MD5-encrypts it based on the user name, and then encrypts it
based on a random salt sent by the server when the database
connection was made. It is this double-encrypted value that is
sent over the network to the server. Double-encryption not only
prevents the password from being discovered, it also prevents
another connection from using the same encrypted password to
connect to the database server at a later time.
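
The two-step MD5 computation described above, together with the stored form from the Password Storage Encryption entry, written out as an added example (not code from the PostgreSQL documentation or source). The function names and sample credentials are constructed for illustration; the 4-byte salt size is the one used by the wire protocol.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_hash(password: str, username: str) -> str:
    """Value kept on the server: 'md5' + md5(password || username)."""
    return "md5" + md5_hex(password.encode() + username.encode())


def client_response(password: str, username: str, salt: bytes) -> str:
    """What the client sends: the first hash, hashed again with the server's salt."""
    inner = md5_hex(password.encode() + username.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_verify(stored: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from the stored hash; the cleartext is never needed."""
    expected = "md5" + md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    user, pw = "alice", "correct horse"           # constructed sample credentials
    stored = stored_hash(pw, user)
    salt1, salt2 = b"\x01\x02\x03\x04", os.urandom(4)  # a fresh salt per connection
    resp1 = client_response(pw, user, salt1)
    print("accepted on the connection that issued salt1:",
          server_verify(stored, salt1, resp1))
    print("same response offered on a connection with another salt:",
          server_verify(stored, salt2, resp1))
```

Because the salt changes per connection, a response recorded from one connection does not verify on another, which is the replay protection the paragraph describes.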
>Encrypting Data Across A Network</DT
> SSL connections encrypt all data sent across the network: the
password, the queries, and the data returned. The
> file allows administrators to specify
which hosts can use non-encrypted connections (<TT
and which require SSL-encrypted connections
>). Also, clients can specify that they
connect to servers only via SSL. <SPAN
> can also be used to encrypt transmissions.
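
A check for the host-based access rules described above, as an added example (not part of the PostgreSQL documentation). It assumes the file in question is `pg_hba.conf` and uses its record types `host` (matches TCP connections with or without SSL), `hostssl` and `hostnossl`; the sample file is constructed, and the parser assumes unquoted fields and CIDR-style addresses.

```python
# Constructed sample pg_hba.conf content (not taken from any real server).
SAMPLE_HBA = """\
# TYPE     DATABASE  USER    ADDRESS        METHOD
local      all       all                    md5
host       all       all     127.0.0.1/32   md5
host       app       app_rw  10.0.0.0/8     md5
hostnossl  all       all     0.0.0.0/0      password
hostssl    app       app_rw  0.0.0.0/0      md5
"""

LOOPBACK = {"127.0.0.1/32", "::1/128"}


def audit_hba(text):
    """Return (line number, record type, address) for every rule that lets a
    non-loopback TCP client connect without SSL."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        rtype = fields[0]
        # "local" is a Unix socket and "hostssl" only matches SSL connections;
        # "host" and "hostnossl" both admit unencrypted TCP traffic.
        if rtype not in ("host", "hostnossl") or len(fields) < 5:
            continue
        address = fields[3]
        if address in LOOPBACK:
            continue
        findings.append((lineno, rtype, address))
    return findings


if __name__ == "__main__":
    for lineno, rtype, address in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: '{rtype}' rule for {address} permits non-SSL connections")
```

Changing a flagged `host` rule to `hostssl` makes the server reject unencrypted connections from that address range.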
>SSL Host Authentication</DT
> It is possible for both the client and server to provide SSL
certificates to each other. It takes some extra configuration
on each side, but this provides stronger verification of identity
than the mere use of passwords. It prevents a computer from
pretending to be the server just long enough to read the password
sent by the client. It also helps prevent <SPAN
>"man in the middle"</SPAN
attacks where a computer between the client and server pretends to
be the server and reads and passes all data between the client and
>Client-Side Encryption</DT
> If the system administrator for the server's machine cannot be trusted,
for the client to encrypt the data; this way, unencrypted data
never appears on the database server. Data is encrypted on the
client before being sent to the server, and database results have
to be decrypted on the client before being used.